General information
You can view every callback Paysera sent to your system and the response your system returned:
bank.paysera.com -> Projects and Activities -> Received payments -> Info sign near the specific payment.
Here you can see the URL that was used for a callback and your system's response. You can use this URL to trigger the callback manually.
Always check payment status - only status 1 means successful payment.
Check that the payment was not made for testing purposes (by status parameter), that the service for this payment has not already been provided (by orderid parameter), and that the amount and currency match the ones saved in the order.
Callback structure
Paysera sends the answer to your specified callbackurl. 3 additional GET parameters are added to the callbackurl:
- data - Encoded parameters from the Paysera system. The same encoding algorithm is used as when generating a request for macro payments. To parse the parameters, 3 actions must be performed:
  - Change the symbols "-" to "+", "_" to "/"
  - Decode the resulting string from base64
  - Retrieve the array of parameters from the decoded string, which is a URL-encoded parameter string
Example in PHP language:
$params = [];
parse_str(base64_decode(strtr($_GET['data'], ['-' => '+', '_' => '/'])), $params);
//use $params
- ss1 - Signature of the data parameter, without using a private-public key scheme. Signature algorithm:
  ss1 = md5(data + password)
- ss2 - Signature of the data parameter, using an RSA private-public key scheme with the SHA-1 hashing function. The public Paysera key, which should be used to verify the signature, can be found at https://www.paysera.com/download/public.key
When you get the callback, you must check at least one signature before confirming the order. Where possible, always also check the higher-security ss2 signature.
Signature verification is only possible when encryption is disabled in the project settings. If encryption is enabled, an alternative method of data validation is used.
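The checks described above, combined into one callback handler, as an added example (not Paysera's or the WebToPay library's code): it verifies ss1, and ss2 when a public key is supplied, decodes data, then compares the result with the stored order. The function names, the order record layout, the sample values, and the assumption that ss2 is URL-safe base64 like data are not from the page.

```php
<?php
function urlSafeBase64Decode(string $s)
{
    return base64_decode(strtr($s, '-_', '+/'), true); // false on invalid input
}
function verifyCallback(array $get, string $password, ?string $publicKeyPem = null): array
{
    $data = (string) ($get['data'] ?? '');
    // ss1 = md5(data + password); hash_equals() compares in constant time.
    $ok = hash_equals(md5($data . $password), (string) ($get['ss1'] ?? ''));
    if ($ok && $publicKeyPem !== null) {
        // ss2: RSA with SHA-1 over data. Assumption: ss2 is encoded like data.
        $sig = urlSafeBase64Decode((string) ($get['ss2'] ?? ''));
        $ok = $sig !== false && openssl_verify($data, $sig, $publicKeyPem, OPENSSL_ALGO_SHA1) === 1;
    }
    $decoded = $ok ? urlSafeBase64Decode($data) : false;
    if ($decoded === false) {
        throw new RuntimeException('Callback rejected: bad signature or encoding');
    }
    parse_str($decoded, $params);
    return $params;
}

function assertPayable(array $params, array $order): void
{
    if (($params['status'] ?? '') !== '1') {
        throw new RuntimeException('Payment not successful: status is not 1');
    }
    // empty() is true for a missing value and for "0" (assumed to mean a real payment).
    if (!empty($params['test'])) {
        throw new RuntimeException('Test payment');
    }
    if ($order['provided'] || ($params['orderid'] ?? '') !== $order['orderid']) {
        throw new RuntimeException('Unknown order or service already provided');
    }
    if ((int) ($params['amount'] ?? -1) !== $order['amount']
        || ($params['currency'] ?? '') !== $order['currency']) {
        throw new RuntimeException('Amount or currency mismatch');
    }
}

// Constructed callback and order record (not real Paysera data).
$password = 'constructed-project-password';
$fields = ['orderid' => '1001', 'amount' => '1500', 'currency' => 'EUR', 'status' => '1', 'test' => '0'];
$data = strtr(base64_encode(http_build_query($fields)), '+/', '-_');
$get = ['data' => $data, 'ss1' => md5($data . $password)];
$order = ['orderid' => '1001', 'amount' => 1500, 'currency' => 'EUR', 'provided' => false];
assertPayable(verifyCallback($get, $password), $order);
echo "Order {$order['orderid']} can be confirmed\n";
```

In production, pass the PEM contents of the key from https://www.paysera.com/download/public.key as the third argument so that ss2 is checked as well.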
Callback encryption
When encryption is enabled in the project settings, parameters ss1 and ss2 will not be sent. Instead, the content of data will be encrypted. Below is an example of handling such a request in PHP:
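// $requestData holds the GET parameters of the callback request
$requestData = $_GET;
$password = 'password';
$stringToDecrypt = base64_decode(strtr($requestData['data'], '-_', '+/'), true);
if ($stringToDecrypt === false) {
    throw new RuntimeException('data is not valid base64');
}
// Layout of the decoded string: IV, then ciphertext, then 16-byte GCM tag
$ivLength = (int) openssl_cipher_iv_length('aes-256-gcm');
$iv = substr($stringToDecrypt, 0, $ivLength);
$ciphertext = substr($stringToDecrypt, $ivLength, -16);
$tag = substr($stringToDecrypt, -16);
$decryptedText = openssl_decrypt(
    $ciphertext,
    'aes-256-gcm',
    $password,
    OPENSSL_RAW_DATA,
    $iv,
    $tag
);
// openssl_decrypt() returns false when the tag does not authenticate the data
if ($decryptedText === false) {
    throw new RuntimeException('Callback decryption failed');
}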
Callback parameters
projectid
Unique project number.
Only activated projects can accept payments.
orderid
Order number from your system.
lang
It is possible to indicate the user language (ISO 639-2/B: LIT, RUS, ENG, etc.). If Paysera does not support the selected language, the system will automatically choose a language according to the IP address or ENG language by default.
amount
Amount in cents the client has to pay.
currency
Payment currency (e.g. USD, EUR, etc.) you want the client to pay in. If the selected currency cannot be accepted by a specific payment method, the system will convert it automatically to the acceptable currency, according to the currency rate of the day. Payamount and paycurrency answers will be sent to your website.
payment
Payment type. If provided, the payment will be made by the specified method (for example by using the specified bank). If not specified, the payer will be immediately provided with the payment types to choose from. You can get payment types in real time by using WebToPay library.
country
Payer's country (LT, EE, LV, GB, PL, DE). All possible types of payment in that country are immediately indicated to the payer, after selecting a country.
paytext
Payment purpose visible when making the payment.
name
Payer's name received from the payment system. Sent only if the payment system provides such.
surename
Payer's surname received from the payment system. Sent only if the payment system provides such.
status
Payment status:
0 - Payment has not been executed
1 - Payment successful
2 - Payment order accepted, but not yet executed
3 - Additional payment information
4 - Payment was executed, but confirmation about received funds in bank won't be sent.
test
Parameter that allows testing the connection. The payment is not executed, but the result is returned immediately, as if the payment had been made.
payment_country
Country of the payment method. If the payment method is available in more than one country (international) – the parameter is not sent. The country is provided in the two-character (ISO 3166-1 alpha-2) format, e.g.: LT, PL, RU, EE.
payer_ip_country
Country of the payer established by the IP address of the payer. The country is provided in two-character (ISO 3166-1 alpha-2) format, e.g.: LT, PL, RU, EE.
payer_country
Country of the payer established by the country of the payment method, and if the payment method is international – by the IP address of the payer. The country is provided in the two-character (ISO 3166-1 alpha-2) format, e.g.: LT, PL, RU, EE.
p_email
Payer's email address is necessary. If the email address is not received, the client will be requested to enter it. Paysera system will inform the payer about the payment status by this address.
payamount
Amount of the transfer in cents. It can differ, if it was converted to another currency.
paycurrency
The transferred payment currency (e.g. USD, EUR, etc.). It can differ from the one you requested, if the currency could not be accepted by the selected payment method.
version
A version number of Paysera system specification (API).
requestid
It is a request number, which we receive when the user presses on the logo of the bank. We transfer this request number to the link provided in the "callbackurl" field.
account
Account number from which payment has been made.
personcodestatus
If you have provided personcode parameter when making the request, this parameter indicates whether the given personal code matches the real one. Possible values:
0 - Personal code is yet unknown
1 - Personal code matches
2 - Personal code does not match
3 - Personal code is unknown
If the personal code is unknown at the moment the callback is made, another callback will be made with the status parameter set to 3 as soon as the personal code is known.
identification_successful
Can be either 1 or 0. This parameter is only returned if personcode parameter is used in payment request and only with some of the PIS methods. Shows if customer identification is successful.