When there is an update to your order, we notify your web server at the following URL through a
This URL is your webhook endpoint combined with two additional parameters:
transactionid: Your unique identifier for the order, previously set as
order_idin your API request.
timestamp: The time the notification was triggered.
The updated order details make up the payload of the request.
Check the order status in the
status field. If necessary, update your backend.
Note: You can ignore notifications that:
timestampparameter in the URL
POST notification request includes an HMAC signature that you must use to validate its authenticity. To validate the request, you can either:
Acknowledge that you have successfully received a valid notification by returning:
OKat the start or end of the message body, or
MULTISAFEPAY_OKanywhere in the message body.
Until we receive your acknowledgement, we resend the notification 4 times at 15 minute intervals, each with a new timestamp.
If for some reason you don’t receive a notification:
If you still don’t receive a notification, you may need to authorize MultiSafepay servers' IP addresses on your web server. For a list of MultiSafepay IP addresses, email [email protected]
You have successfully configured your web server to handle notifications received from our webhook.