Our notifications are webhooks where our API will notify your web server when the status of a transaction changes.
The notification webhooks are triggered by events made by both your customers (e.g. completing a payment) and you (e.g. creating a refund).
We will add 2 parameters to the notification request:
For a POST notification we will also add the order data to the body of the request.
MultiSafepay will always call the notification_url with the timestamp parameter.
When MultiSafepay calls the notification_url without a timestamp, the call can safely be ignored.
The call should also be ignored for further processing when the same order status is received.
Our API provides a GET and POST notification.
From your webserver we received the following transaction request:
"order_id": 12345,
"payment_options": {
"notification_url": "https://yourdomain.com/index/paymentprovidernotification?invoice_id=840",
}
When the status of this transaction changes, we will notify your web server with this URL through a GET request. https://yourdomain.com/index/paymentprovidernotification?invoice_id=840&transactionid=12345×tamp=140292929
Please note: Within the notification url, the transaction_id should have the same value as the order_id
Carry out the following 3 tasks within your custom implementation:
From your webserver we receive the following transaction request:
"order_id": 12345,
"payment_options": {
"notification_url": "https://yourdomain.com/index/paymentprovidernotification?invoice_id=840",
"notification_method": "POST",
}
When the status of this transaction changes, we will notify your web server with this URL through a POST request. https://yourdomain.com/index/paymentprovidernotification?invoice_id=840&transactionid=12345×tamp=140292929
Carry out the following 3 tasks within your custom implementation:
Before accepting the order data, the POST notification request must be validated by comparing the provided and calculated signature/hash.
The calculation of this signature/hash:
The advantage of implementing the POST notification is that your webserver will save on roundtrips in communication.
With the POST notification your webserver does not have to request the transaction status from our API anymore, but will get the changed transaction directly in the notification payload.
The security requirement you must implement is to always validate the payload so you know the POST notification comes from MultiSafepay and has not been tampered with.
As response, MultiSafepay expects an empty page with one of the following:
When an OK or MULTISAFEPAY_OK is not received, MultiSafepay will repeat this notification. The notification with timestamp is repeated twice within 15 minutes.
Feedback
You're missing something out and would like us to fix it? Suggest an improvement to this page!
Other languages
Liever uitleg in
het Nederlands? Neem contact op met uw accountmanager.
Vuoi ricevere
informazioni in italiano? Contatta il tuo account manager.
Falls Sie eine deutschsprachige Erklärung bevorzugen, kontaktieren Sie bitte Ihren Kundenbetreuer.
Prefieres tener la
explicación en Español? Contacta con tu gerente de cuentas.
Vous préférez une
explication en français? Contactez votre gestionnaire de compte.