Callback
General information
It is possible to view all the callbacks Paysera sent to your system and response your system provided.
bank.paysera.com -> Projects and Activities -> Received payments -> Info sign near the specific payment.
Here you can see the url that was used for a callback and your system response. You can use this url to trigger callback manually.
Always check payment status - only status 1 means successful payment.
Check whether the payment is not made for testing purposes (by status parameter), whether the service for this payment has not yet been provided (by orderid parameter), whether the amount and currency match the ones saved in the order.
Callback structure
Paysera sends the answer to your specified callbackurl. 3 additional GET parameters are added to the callbackurl:
-
data - Encoded parameters from Paysera system. Same data coding algorithm is used as in generating a request for macro payments. To parse the parameters, 3 actions must be performed:
- Change the symbols "-" to "+", "_" to "/"
- Decode the string, using base64 encoding
- Retrieve the array of parameters from the decoded string, which is an URL-encoded parameter string
$params = []; parse_str(base64_decode(strtr($_GET['data'], ['-' => '+', '_' => '/'])), $params); //use $params
-
ss1 -
Sign of data parameter, without using private-public key scheme. Sign algorithm:
ss1 = md5(data + password)
- ss2 - Sign of data parameter, using RSA private-public key scheme with SHA-1 hashing function. Public Paysera key, which should be used to verify the signature, can be found at https://www.paysera.com/download/public.key
When you get the callback, you must check at least one signature before confirming the order. If there is a possibility, always (also) check the higher security ss2 signature.
Callback parameters
0 - Payment has not been executed
1 - Payment successful
2 - Payment order accepted, but not yet executed
3 - Additional payment information
4 - Payment was executed, but confirmation about received funds in bank won't be sent.
0 - Personal code is yet unknown
1 - Personal code matches
2 - Personal code does not match
3 - Personal code is unknown
If the personal code is unknown at the moment callback is made, another callback will be made with status parameter set to 3, as soon as the personal code will be known.