Skip to main content

Transaction Response

Upon a successful transaction, the user is redirected to the success URL specified by the merchant in the initial request. The response body is encoded in base64 and is embedded with the successUrl and sent to the partner merchant which includes essential parameters:

Response Body Parameters Decoded
{
"status": "Success",
"refId": "01HP3GRRJ50D650M8JH6N07M21",
"totalAmount": "100",
"tarnsactionId": su07,
"MerchantCode": "supervendor",
"Signature": "6b79f3ffe01febfa8db57b9a46e3c981baca02144ca2aea188d502238fe26264",  
}

Signature Generation

The signature is created using the HMAC/SHA256 algorithm, which involves hashing the concatenated values of specific parameters. In this case, the parameters include status, refId, totalAmount, transactionId, and merchantCode. This process creates a unique and secure signature that acts as a digital fingerprint of the response.

Success URL

The success URL is a web address provided by the partner merchant where the user is redirected upon the successful completion of the transaction. The response body is structured, hashed, and encoded before being sent to the success URL. The partner merchant can decode and validate this response to confirm the successful transaction and update their system accordingly.

"successUrl": [https://citypay.com.np?data=eyJzdGF0dXMiOiJTdWNjZXNzIiwicmVmSWQiOiIwMUhQM0dSUkoxMERONjUwTThKSDZOMDdNMjEiLCJ0b3RhbEFtb3VudCI6IjEwMCIsInRyYW5zYWN0aW9uSWQiOiJzdTA3IiwiTWVyY2hhbnRDb2RlIjoic3VwZXJ2ZW5kb3IiLCJzaWduYXR1cmUiOiI2Yjc5ZjNmZmUwMWZlYmZhOGRiNTdiOWE0NmUzYzk4MWJhY2EwMjE0NGNhMmFlYTE4OGQ1MDIyMzhmZTI2MjY0In0=](https://citypay.com.np?data=eyJzdGF0dXMiOiJTdWNjZXNzIiwicmVmSWQiOiIwMUhQM0dSUkoxMERONjUwTThKSDZOMDdNMjEiLCJ0b3RhbEFtb3VudCI6IjEwMCIsInRyYW5zYWN0aW9uSWQiOiJzdTA3IiwiTWVyY2hhbnRDb2RlIjoic3VwZXJ2ZW5kb3IiLCJzaWduYXR1cmUiOiI2Yjc5ZjNmZmUwMWZlYmZhOGRiNTdiOWE0NmUzYzk4MWJhY2EwMjE0NGNhMmFlYTE4OGQ1MDIyMzhmZTI2MjY0In0=)

Response Body Structure

The response body is structured by assembling key transaction details such as status, refId, totalAmount, transactionId, merchantCode, and the previously generated signature.

Hashing

The structured response body is then hashed. Hashing is a one-way cryptographic function that transforms the data into a fixed-size string of characters, providing a unique representation of the response. The HMAC/SHA256 algorithm is commonly used for its security

Encoding

After hashing, the response body is encoded. Encoding is the process of converting the binary hash result into a human-readable format. In this case, the Base64 encoding method is applied, converting the hashed response body into a string of ASCII characters.

In the case of a failed transaction, the user is redirected to the failure URL initially provided in the request body.