Skip to main content

Webhook Verify

  • When the order is successful, the platform will notify the merchant of the payment result according to the notify_url at the time of placing the order. The merchant is considered to have successfully received the notify_url when, and only when, the merchant returns an HTTP status code of 200, and if the request takes more than 5s to respond, or if it returns a non-200 response, the request has not been successfully received.

  • The merchant needs to determine whether the call is made by the platform according to the signature rules.

duplicate notifications warning

Merchants are requested to make good judgment on duplicate notifications to avoid the risks caused by retroactive notifications

Failure to receive success will be notified at intervals of 15s 30s 60s 300s 600s 1800s 3600s 7200s 14400s for a total of 10 notifications After ten notifications if there is no successful notification the notification will be stopped

The merchant needs to determine if the call is from the platform based on the signature rules The specific algorithm for signing is as follows

Signature = HEX(SHA256('${http_body}.${apikey}'))

If you receive a callback request as follows (normally the callback should not contain line breaks and spaces in the JSON, the following is only for demonstration purposes, please refer to the specific returns)

{
  "notify_type": "refund_success",
  "data": {
    "uid": 39172931,
    "refund_id": "C34368224017070000",
    "merchant_refund_id": "P2164521756312637123",
    "order_amount": "105.00",
    "create_time": "2023-08-23T18:25:43.511Z",
    "refund_time": "2023-08-23T18:28:16.511Z"
  }
}

and your key is 6d0e8fa7b10c40c3a48c0c2be41cb178

Signature = HEX(SHA256('{"notify_type":"refund_success","data":{"uid":39172931,"refund_id":"C34368224017070000","merchant_refund_id":"P2164521756312637123","order_amount":"105.00","create_time":"2023-08-23T18:25:43.511Z","refund_time":"2023-08-23T18:28:16.511Z"}}.6d0e8fa7b10c40c3a48c0c2be41cb178'))
Signature = 3ce5a54d8a76590179f0f4192a6c0efddf20e118966b6276b1bfbbc0b33f362a

The uid and refund_id are the result of the data in the callback, and apikey is the developer key of the merchant during registration. The result of the signature will be returned in the HTTP header of the callback, the name is Signature, the merchant can get the Signature in the HTTP Header of the callback to compare with their own calculations, if they are equal, then the signature authentication is successful.