Redirect to Payment Page


In this section, we cover:

  1. Redirect the payer - send the payer to the provided bankUrl.
  2. Display successful outcome - following a successful payment, ensure the payer is advised.

There are additional steps in the payer process which are completed securely outside of your website. This reduces your PCI compliance liability and provides peace of mind for the buyer.

Redirect to Payment Page

After a user consents to continue to their bank, you should redirect the payer to the bankUrl provided as a part of the createOrder Response.

After that, the process continues between the payer and their online banking system. Despite slight differences between banks, in principle the payer logs in to their bank's system, sees the payment details and then authorises or cancels the payment. They can, of course, abandon the process without completing it.

After completing the authorization process at their bank, the payer will be redirected to Ecospend's redirect URL. In the meantime, Ecospend Gateway will retrieve the status of the payment from the bank. Then Ecospend will send the payer to us. Finally, we return the payer to your returnUrl and we will send a Callback response to your callbackUrl, as per the below specification:

Callback Response


We send this POST to your callbackUrl, so it is presented here as a response. If this POST fails, however, we will not be able to retry it, and you should use our Transaction Management API to determine the outcome of the transaction.

You can do this when you receive the redirected payer, if you have not received the callback Response in a timely manner.

callback POST
| Field Name | Data Type | Description |
|---|---|---|
| signature | string | Signature generated for the callback. Can be used in the optional Signature Verification process. |
| id | string | Unique transaction ID. This ID should be stored as it is required for later transaction actions. Optionally used to verify the signature. |
| paymentMethod | string | Payment method: ecospend. |
| rrn | string | Unique reference allocated by Ecospend. |
| amount | decimal | Sale amount. Optionally used to verify the signature. |
| currency | string | Currency of the transaction: GBP. Optionally used to verify the signature. |
| invoiceId | string | Order/invoice/transaction/basket number generated by the host website, as passed in the request. Optionally used to verify the signature. |
| accountId | string | Unique reference for the store processing the transaction, as passed in the request. |
| authDateTimeUtc | string | Date and time of when the transaction was authorised with the acquirer. |
| errorCode | integer | Provides additional detail should an error have occurred with the transaction. Optionally used to verify the signature. |
| success | boolean | Confirms whether the transaction has been successful. Optionally used to verify the signature. |
| transactionState | string | The current state of the transaction. |
| status | string | Ecospend payment status. |

Example Callback Response

{
  "signature": "yDlqMP0vM/grI/VCFwM/q5lMBwBDKTr/hTjPze0Ca3Y=",
  "id": "374873d1-f69e-44bd-a637-5b5b28734021",
  "paymentMethod": "ecospend",
  "rrn": "5dc9e424-f878-4114-bc18-3b5e414ac41f",
  "amount": 3,
  "currency": "GBP",
  "invoiceId": "1631891547494",
  "accountId": "uuid000001",
  "authDateTimeUtc": "2021-09-17T15:12:37.016969534Z",
  "errorCode": 0,
  "success": true,
  "transactionState": "CHARGE",
  "status": "Completed"
}

Verifying the callback signature


This process is optional, but it is strongly recommended so that you can confirm the callback is authentic and was sent by us.

To provide integrators with confidence that the callback was generated by DNA Payments and is authentic, a signature value is provided within each request. To verify the signature, please follow these steps:

  1. Concatenate id, amount, currency, invoiceId, errorCode and success values to construct the payload
    • signaturePayload = id + amount + currency + invoiceId + errorCode + success
  2. Calculate the HMAC by using the SHA256 algorithm, <client_secret> and signaturePayload from Step 1
    • hash = hmac.New(sha256.New, client_secret)
    • hash.Write(signaturePayload)
  3. Base64 encode the result to get the expected signature
    • expectedSignature = base64.StdEncoding.EncodeToString(hash.Sum(nil))
  4. Compare signatures

If the signature that you calculated in Step 3 matches the signature that you received, you'll know that the callback was sent by us, and is authentic.
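The four steps above as an added Go example; it is not DNA Payments' own code, and the names Callback, SignaturePayload, ExpectedSignature and VerifyCallback are hypothetical. Step 4 uses hmac.Equal so that the comparison runs in constant time. Assumptions the page does not spell out: amount is concatenated exactly as it appears in the JSON body, errorCode in decimal, and success as "true" or "false"; the secret is a constructed value.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
)

type Callback struct {
	Signature string      `json:"signature"`
	ID        string      `json:"id"`
	Amount    json.Number `json:"amount"` // keeps the number exactly as received
	Currency  string      `json:"currency"`
	InvoiceID string      `json:"invoiceId"`
	ErrorCode int         `json:"errorCode"`
	Success   bool        `json:"success"`
}

// SignaturePayload is Step 1. Assumed string forms (not stated on the page):
// amount exactly as received, errorCode in decimal, success as "true"/"false".
func SignaturePayload(c Callback) string {
	return fmt.Sprintf("%s%s%s%s%d%t", c.ID, c.Amount, c.Currency, c.InvoiceID, c.ErrorCode, c.Success)
}

// ExpectedSignature is Steps 2 and 3: HMAC-SHA256 with the client secret, then Base64.
func ExpectedSignature(c Callback, clientSecret string) string {
	mac := hmac.New(sha256.New, []byte(clientSecret))
	mac.Write([]byte(SignaturePayload(c)))
	return base64.StdEncoding.EncodeToString(mac.Sum(nil))
}

// VerifyCallback is Step 4: parse the POST body, then compare in constant time.
func VerifyCallback(body []byte, clientSecret string) (Callback, bool) {
	var c Callback
	if err := json.Unmarshal(body, &c); err != nil {
		return c, false
	}
	return c, hmac.Equal([]byte(c.Signature), []byte(ExpectedSignature(c, clientSecret)))
}

func main() {
	c := Callback{ID: "374873d1-f69e-44bd-a637-5b5b28734021", Amount: "3", Currency: "GBP", InvoiceID: "1631891547494", Success: true}
	c.Signature = ExpectedSignature(c, "constructed-secret") // constructed sample, made-up secret
	body, _ := json.Marshal(c)
	_, ok := VerifyCallback(body, "constructed-secret")
	fmt.Println("authentic:", ok)
}
```

Treat the callback fields as trustworthy only when VerifyCallback returns true; otherwise fall back to the Transaction Management API to determine the outcome.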

Display Successful Outcome

Once the payer has been returned to your returnUrl and you have received and confirmed the status of the payment via either the Callback Response or our Transaction Management API, you should display the successful outcome, or provide options for retendering if the payment has not been successful.

The payment is now complete.