Getting Payment Result
Payment results will be returned to the merchant system once payment is done or the user abandons the payment process. HTTP POST is the only method that payment gateway returns all parameters to a merchant's return URL for real-time status update, which the merchant can configure in merchant admin. Merchant system should block all other methods or parameters from an untrusted source.
Response Parameters
| Variable / Parameter | Type Format / Max Length | Description / Example |
|---|---|---|
amount | 2 decimal points numeric value | The total amount paid or to be paid in Razer Cash payment request. |
orderid | alphanumeric, 40 characters | Invoice or order number from merchant system. |
tranID* | integer, 10–20 digits | Unique transaction ID for tracking purpose. This is an auto-incremental positive value, your DB structure has to be future-proof in case the maximum threshold is reached. |
domain | alphanumeric, 32 chars | Merchant ID in PG system. |
status | string in 2-digit numeric | 00 for Successful payment, 11 for failed status, 22 if pending. |
appcode | alphanumeric, 16 chars | Bank approval code. Mandatory for card payment. Certain channels return empty value. |
error_code | alphanumeric | Refer to the Error Codes section. |
error_desc | text | Error message or description. |
skey | 32 chars hexadecimal string | This is the data integrity protection hash string. Refer skey section for details. |
currency | 2 or 3 chars (ISO-4217) currency code | Default currency is MYR (indicating Malaysia Ringgit) for Malaysia channels. |
channel | predefined string in PG system | Channel references for the merchant system. Refer to the below table. |
paydate | Date/Time (YYYY-MM-DD HH:mm:ss) | Date/Time of the transaction. |
extraP* | optional (on request) | Refer to section ExtraP for all the available values to be responded. |
For those who are using MySQL or MariaDB, recommended data type is unsigned BIGINT(20)Note: This is a customizable parameter
Value of “channel” in return URL
Merchant is strongly recommended to implement IPN(instant payment notification) in order to acknowledge (ACK) on the receiving of payment status from the payment gateway. There are 2 ways to implement IPN. Please refer to the IPN section for details.
Examples of Payment Endpoint
You may use the sample for all 3 endpoints, i.e. Return URL, Notification URL, and Callback URL by making little modification based on your own requirements.
Sample return URL script for PHP
<?php
$sec_key ="xxxxxxxxxxxx"; //Replace xxxxxxxxxxxx with Secret_Key
/********************************
*Don't change below parameters
********************************/
$tranID = $_POST['tranID'];
$orderid = $_POST['orderid'];
$status = $_POST['status'];
$domain = $_POST['domain'];
$amount = $_POST['amount'];
$currency = $_POST['currency'];
$appcode = $_POST['appcode'];
$paydate = $_POST['paydate'];
$skey = $_POST['skey'];
/***********************************************************
* To verify the data integrity sending by PG
************************************************************/
$key0 = md5( $tranID.$orderid.$status.$domain.$amount.$currency );
$key1 = md5( $paydate.$domain.$key0.$appcode.$sec_key );
if( $skey != $key1 ) $status= -1; // Invalid transaction.
// Merchant might issue a requery to PG to double check payment status
if ( $status == "00" ) {
if ( check_cart_amt($orderid, $amount) ) {
/*** NOTE : this is a user-defined function which should be prepared by merchant ***/
// action to change cart status or to accept order
// you can also do further checking on the paydate as well
// write your script here .....
}
} else {
// failure action. Write your script here .....
// Merchant might send query to PG using Merchant requery
// to double check payment status for that particular order.
}
// Merchant is recommended to implement IPN once received the payment status
// regardless the status to acknowledge the PG
?>Sample return URL script for ASP/ASP.NET
<!--#include file="md5.asp"--> ’For ASP Developer
<!--#include file="md5.aspx"--> ’For ASP.NET Developer
<%
’ md5.asp/md5.aspx is a 3rd party developed md5 solution for ASP/ASP.NET user
’ You could get the md5.asp/md5.aspx from [email protected]
’ Some variables below are coming from POST method
dim key0, key1, tranID, orderid, status, merchantID, amount, currency, paydate, appcode, skey
tranID = Request.Form(“tranID”)
orderid = Request.Form(“orderid”)
status = Request.Form(“status”)
merchantID = Request.Form(“domain”)
amount = Request.Form(“amount”)
currency = Request.Form(“currency”)
paydate = Request.Form(“paydate”)
appcode = Request.Form(“appcode”)
skey = Request.Form(“skey”)
key0 = md5( tranID & orderid & status & domain & amount & currency )
key1 = md5( paydate & merchantID & key0 & appcode & ”xxxxxxxxxxxx” )
’Replace xxxxxxxxxxxx with Secret_Key
’ invalid transaction if the key is different. Merchant might issue a requery to PG to double check payment status
If skey <> key1 then
status= -1
End if
If status = "00" then
’ checking the validity of cart amount & orderid.
’ if the verification test passed then can update the order status to paid.
’ you can also do further checking on the paydate as well
Else
’ failure action
’ Merchant might send query to PG using merchant requery
’ to double check payment status for that particular order.
End if
’ Merchant is to implement IPN to ack on receiving of payment status
’ regardless the payment status
%>Updated 11 days ago