Response values

Hosted Payment Page return these fields back to your store using the x_url_complete and x_url_callback (if provided) fields.

GET x_url_complete Content-Type: application/x-www-form-urlencoded as Query String

POST x_url_callback Content-Type: application/json

Parameter Type Length Presence Description Example
x_account_id hex 36 Required Echo request’s x_account_id AAAA1AC7B73034AFF9975B4CE89D2BF471921CRU
x_amount decimal 0.01-9999999 Required Total transaction amount 3.56
x_currency string 3 Required Currency in the iso-4217 format USD
x_gateway_reference ascii string 1-255 Required Unique reference of an order assigned by the merchant. 19783
x_reference ascii string 1-255 Required Unique reference of an order assigned by the merchant. 19783
x_signature hex string 32 Required See Signing mechanism. 3a59c201r9u7619212b8c41dcba476d4a46e5f5c
x_result fixed 1-255 Required Valid values are completed, failed, or pending. completed
x_timestamp date 1-255 Required Time of transaction completion. UTC Time 2019-08-18T12:15:41Z
x_message ascii string 1-255 Optional A custom error message displayed to the customer. CVV Mismatch
card ascii object 1-255 Optional A object containing the card data. { number, exp_month, exp_year, brand }
card_token ascii object 1-255 Optional A object containing the card token data. { card_token, merchant_id }
subscription ascii object 1-255 Optional A containing the subscription data { start_date, end_date, description, interval, interval_count }

How to validade

If you need to validade the data, you can use the Signing mechanism to verify the fields we pass back to your store. You’ll need to sign all the data that starts with x_ but x_signature field. It will looks like this:

Ruby example:

fields = {x_account_id: '064BDCCB1F7A8835A468081753A633CA0B679FC76', x_amount: 89.99, x_currency: 'USD', x_gateway_reference: '123', x_reference: "19783", x_result: "completed", x_test: "true",  x_timestamp: '2019-08-18T12:15:41Z', x_message: 'CVV Mismatch'}
=> {:x_account_id=>"064BDCCB1F7A8835A468081753A633CA0B679FC76", :x_amount=>89.99, :x_currency=>"USD", :x_gateway_reference=>"123", :x_reference=>"19783", :x_result=>"completed", :x_test=>"true", :x_timestamp=>"2019-08-18T12:15:41Z", , x_message: 'CVV Mismatch'}
message = fields.sort.join
=> "x_account_id064BDCCB1F7A8835A468081753A633CA0B679FC76x_amount89.99x_currencyUSDx_gateway_reference123x_reference19783x_resultcompletedx_testtruex_timestamp2019-08-18T12:15:41Z"
expected_signature = OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('sha256'), 'iU21RWxcec', message)
=> "8a9781fdfbf2524c9f2fc899775f4dd9cac010b7b5e97daddec77d82de3781a4"

isSignatureValid = provided_signature && provided_signature.casecmp(expected_signature) == 0
=> true