Redirect and sample

Merchants have to specify redirect urls in the transaction request under the Postback node. Urls have to be specified for two payment status outcomes of payment requests:

  • Successful payment
  • Failed payment

A Redirect is executed after consumers submit payment details. Consumers are then redirected to url corresponding with the payment status of the payment request. Upon a successful payment the consumer is redirected to the url which is set in the UrlCompleted field of the Contract.Postback request. Upon payment rejection or fail, the consumer is redirected to the url set in the UrlError field of Contract.Postback request.

Often consumers submit payment details, kick off payment processing, and close the browser which causes the redirect not to be triggered. The payment is processed, however the status of the payment is unclear for the merchant as the redirect did not take place. Therefore postback notifications are sent asynchronously in order to inform merchants of the payment status.

Format

The Redirect is an HTML GET, including values offering merchants more information regarding the payment. All values will be appended as GET parameters. The append process takes into account whether there already is a “?” or not in the UrlCompleted / UrlError page. Custom query string parameters can be used in UrlCompleted and UrlError fields. Please be aware that these parameters are publicly exposed and therefore should not contain any sensitive values. Do make sure to avoid name-clashes. 

Security 

The redirect uses a checksum to allow verification of the content of the data. The checksum is a digital signature that authenticates the sender of the message. This prevents others from tampering and sending payment requests in your name. It also ensures that any received response or postback is sent by ICEPAY. Validation of the checksum is therefore crucial.

How to calculate the checksum

The checksum calculation for the redirect use the individual fields that are sent as GET query parameters by concatenating the values separated by the pipe (|) character in the following order: ContractProfileId|StatusCode|StatusDetails|Reference|TransactionId|ProviderTransactionId|PaymentMethod|Issuer|AmountInCents|CurrencyCode

Calculate the HMACSHA256-hash of this string and compare it with the checksum sent in the query parameters. The checksum is in HEX format.

Sample

Sample of a success URL:

http://www.mywebshop.com/success.aspx?ContractProfileId=8658b625-8dfd-4165-9c88-1e7bf2ae90e1&TransactionId=64295b8b-d56f-479b-a0b9-43cd013d8ec6&Reference=order12345&StatusCode=Completed&StatusDetails=Finished&PaymentMethod=iDeal&Issuer=ING&AmountInCents=100&CurrencyCode=EUR&ProviderTransactionId=03c165e8-d041-43f7-97a3-392830249c32&Checksum=40099d8c1841de6eeb77f4ce9036494379c01c49218bbe35fa446e70e9bf8574