Payment Notifications Callbacks
OPay will make sure that you will be kept updated with the status of your payments. Whenever the status of one of your payments has been updated, we will keep you notified.
Set up CallBack Endpoint
After a given payment transaction has been issued by one of your clients through any of our payment channels,
we will make sure that you will be kept updated with the status of your payments.
OPay delivers an informative, and secure notification callback solution to keep our valued merchants informed once the status of their respective
transactions have been updated. All you need is to create you callback endpoint on your side to handle OPay
notification callback request. Creating an endpoint to receive callbacks on your application is as easy as
creating a new page that accepts unauthenticated POST requests.
The callback object is sent as JSON object in the request body.
Callback Cross Verification
Since anyone can get hold of your endpoint and attempt to send you phony event objects for malicious purposes (e.g. to see if they can mark their subscription to your product as renewed just in case you aren't running any verifications on the transaction reference), it is important to verify that callbacks originate from OPay.
You can do any or both of the below to verify callbacks from OPay:
- Watch the IPs and accept callbacks only from our IPs.
- Validate the Signature as described in the section that follows.
Handling Callbacks
-Responding to a callback:
You should respond to a callback with a 200 OK. We consider this an acknowledgement by your application. If your application responds with any status outside of the 2xx range, we will consider it unacknowledged and thus, continue to send it for 72 hours. You don't need to send a request body or some other parameter as it would be discarded - we only pay attention to the status code.
-Structure of an callback object:
A callback object is sent in JSON and similar to what you would get in response to a typical API request. Below is the body of a callback.
Example Response:
{
"payload": {
"amount": "30000",
"channel": "Web",
"country": "EG",
"currency": "EGP",
"displayedFailure": "",
"fee": "1500",
"feeCurrency": "EGP",
"instrumentType": "BankCard",
"reference": "test0816_1639568742",
"refunded": false,
"status": "SUCCESS",
"timestamp": "2021-12-15T11:46:26Z",
"token": "211215140485151728",
"transactionId": "211215140485151728",
"updated_at": "2021-12-15T11:46:26Z"
},
"sha512": "91036c7cc6274b4ec2b2c3e4dc5b0f0ef9817978dfd5e379a9a57414061c4f090ae36771f532099f9c72b3b73fd6ebb0c7c9d052b5a19d9c940ea0f101e86b67",
"type": "transaction-status"
}
Response Parameters Description
| Parameter | type | Description | |
|---|---|---|---|
| payload | |||
| country | String |
Transaction belongs country. | |
| fee | String |
Transaction fee Amount in EGP. | |
| displayedFailure | String |
Transaction reason for failure. | |
| reference | String |
Partner transaction number. | |
| updated_at | String |
Transaction update time. | |
| currency | String |
Transaction currency. | |
| refunded | String |
Is the transaction a refund type (true false). | |
| timestamp | String |
Transaction time. | |
| amount | String |
Transaction Amount in EGP. | |
| transactionId | String |
Opay transaction number. | |
| payChannel | String |
Pay method (BankCard BalancePayment OWealth FlexiFixed BonusPayment). | |
| status | String |
Transaction status (successful failed). | |
| sha512 | String |
Which is essentially a HMAC SHA512 signature of the callback payload. Signed using your Secret Key. | |
| type | String |
transaction-status. | |
