Callback Notification Explanation
For transactions such as payments, refunds, and withdrawals, after the user completes the transaction, Pay Protocol will notify the merchant system of the transaction result as parameters through a POST request, according to the notifyUrl
passed in by the merchant in the API.
For recharge transactions, after the user completes the recharge, Pay Protocol will notify the merchant system of the transaction result as parameters through a POST request, according to the recharge callback address set by the merchant in the admin console. Please visit Recharge Integration Process -> (Call Process 4) to complete the callback configuration for recharge.
Callback Notification Parameters
Request Headers
All callback notifications will include the following parameters in the request headers:
Parameter | Type | Description | Example Value |
---|---|---|---|
X-PAY-KEY | String | Merchant's API Key | F1R28pRQ |
X-PAY-TIMESTAMP | String | Unix timestamp of the request, in seconds | 1684304935 |
X-PAY-SIGN | String | Signature, details can be found in Introduction to Request Signature | Z0VwhFhFIFePC5M62DdcABkIQDQQUvshzItY9wSKVcg= |
Content-Type | String | Type of the request body | application/json |
Request Body
For specific callback notification content, please refer to the corresponding interface documentation:
- Recharge Callback Notification
- Withdrawal Callback Notification
- Payment Callback Notification
- Refund Callback Notification
Callback Response
After the merchant system receives the callback, it needs to return a plain/text
type string success
to inform Pay Protocol that the callback notification has been successfully received.
Callback Notification Features
- The callback notification address provided by the merchant must be a publicly accessible HTTPS address.
- Callback notifications are asynchronous, and the merchant system must be able to handle duplicate notifications.
- Callbacks are sent using POST requests.
- Callbacks are generally sent at the time of transaction confirmation (success or failure), and are sent up to 6 times, respectively at 0 seconds, 15 seconds, 30 seconds, 3 minutes, 5 minutes, and 10 minutes after transaction confirmation.
- When the merchant callback address returns
success
normally, the system will consider the callback successful and will not send subsequent callback notifications. - Merchants can also call the API interface to actively trigger a callback notification, for details, please refer to the corresponding integration process documentation.
Callback Notification Signature Verification
The signing method of callback notifications is the same as that of API requests, for details, please refer to Signature Generation.
Points to note:
timestamp
is theX-PAY-TIMESTAMP
in the request headers.method
is fixed as POST.requestPath
is the path of the callback notification. For example, if a merchant sets the callback address tohttps://your-callback-url.com/callback
, thenrequestPath
is/callback
.body
is the request body string of the callback notification.
Compare the sign
obtained from the signature with the X-PAY-SIGN
in the callback notification, and compare the merchant's API Key with the X-PAY-KEY
in the callback request headers. If they match, it means the signature verification has passed.