Redirect to Payment Page
Overview
In this section, we cover:
- Redirect the payer - send the payer to the provided bankUrl.
- Display successful outcome - following a successful payment, ensure the payer is advised.
There are additional steps in the payer process which are completed securely outside of your website. This reduces your PCI compliance liability and provides peace of mind for the buyer.
Redirect to Payment Page
After a user consents to continue to their bank, you should redirect the payer to the bankUrl provided as a part of the createOrder Response.
After that, the process continues on between the payer and their online banking system. Despite slight differences between banks, in principle, the payer logs in to their bank's system, sees the payment details and then authorises or cancels the payment. They, of course, can abandon without completing the process.
After completing the authorization process at their bank, the payer will be redirected to Ecospend's redirect URL. In the meantime, Ecospend Gateway will retrieve the status of the payment from the bank. Then Ecospend will send the payer to us. Finally, we return the payer to your returnUrl and we will send a Callback response to your callbackUrl, as per the below specification:
Callback Response
It is us who will send this POST to your callbackUrl, so it is presented as a response. If this POST fails, however, we will not be able to retry it and you should utilise our Transaction Management API to determine the outcome of the transaction.
You can do this in response to receiving the redirected payer, if you have not received the callback Response in a timely manner.
callback POST

Field Name | Data Type | Description |
---|---|---|
signature | string | Signature generated for the callback. Can be used in the optional Signature Verification process |
id | string | Unique transaction ID. This ID should be stored as it is required for later transaction actions. Optionally used to verify the signature. |
paymentMethod | string | Payment method ecospend. |
rrn | string | Unique reference allocated by Ecospend. |
amount | decimal | Sale amount. Optionally used to verify the signature. |
currency | string | Currency of the transaction GBP. Optionally used to verify the signature. |
invoiceId | string | Order/invoice/transaction/basket number generated by the host website, as passed in the request. Optionally used to verify the signature. |
accountId | string | Unique reference for the store processing the transaction, as passed in the request. |
authDateTimeUtc | string | Date and time of when the transaction was authorised with the acquirer. |
errorCode | integer | Provides additional detail should an error have occurred with the transaction. Optionally used to verify the signature. |
success | boolean | Confirms whether the transaction has been successful. Optionally used to verify the signature. |
transactionState | string | The current state of the transaction. |
status | string | Ecospend payment status |
Example Callback Response
{
"signature": "yDlqMP0vM/grI/VCFwM/q5lMBwBDKTr/hTjPze0Ca3Y=",
"id": "374873d1-f69e-44bd-a637-5b5b28734021",
"paymentMethod": "ecospend",
"rrn": "5dc9e424-f878-4114-bc18-3b5e414ac41f",
"amount": 3,
"currency": "GBP",
"invoiceId": "1631891547494",
"accountId": "uuid000001",
"authDateTimeUtc": "2021-09-17T15:12:37.016969534Z",
"errorCode": 0,
"success": true,
"transactionState": "CHARGE",
"status": "Completed"
}
Verifying the callback signature
This is an optional process but is strongly recommended to ensure an authentic callback from us.
To provide integrators with confidence that the callback was generated by DNA Payments and is authentic, a signature value is provided within each request. To verify the signature, please follow these steps:
1. Concatenate the id, amount, currency, invoiceId, errorCode and success values to construct the payload:

    signaturePayload = id + amount + currency + invoiceId + errorCode + success

2. Calculate the HMAC by using the SHA256 algorithm, <client_secret> and signaturePayload from Step 1:

    hash = hmac.New(sha256.New, client_secret)
    hash.Write(signaturePayload)

3. Base64 encode the result to get the expected signature:

    expectedSignature = base64.StdEncoding.EncodeToString(hash.Sum(nil))

4. Compare signatures. If the signature that you calculated in Step 3 matches the signature that you received, you'll know that the callback was sent by us, and is authentic.
Display Successful Outcome
Once you've received the payer to your returnUrl and have received and confirmed the status of the payment via either the Callback Response or our Transaction Management API, you should display the successful outcome, or provide options for retendering if this has not been successful.
The payment is now complete