Payments Notification

About this guide

This guide shows you how to work with payment notifications. Due to the nature of some payment methods, payments will not always be confirmed instantly which is the case of all cash payments for an example. We'll guide you through the steps to handle this type of calls.

How it works

1. Verify the notification signature

   When a payment status is changed to confirmed (CO) or cancelled (CA), EBANX sends a notification to your system through the Notification URL that you should set in your Dashboard. For more details on setting your notification URL, you can refer to the Settings Tab on your EBANX Dashboard.

   EBANX signs every notification request using a private certificate and send the signature in the HTTP headers. The merchant can verify if the request really came from EBANX by validating the digital signature using our public certificate.

   The available certificates and their fingerprints are shown on the table below:

   Fingerprint	Certificate
   4ABAD89CF66B99998465470550EB15E3E271A246	Download

   EBANX will send the following headers in the notification request:

   X­-Signature­Type: rsa,sha1

   X­-Signature­Fingerprint: 4ABAD89CF66B99998465470550EB15E3E271A246

   X-­Signature­Content: xh5hstzZt5Rf5ihNzbfFfkmN89askd...DrHJAnzHgaf2vzA==

   Parameter	Description
   X­-Signature­Type	The signing algorithm. EBANX will always use RSA/SHA1.
   X­-Signature­Fingerprint	The signature fingerprint. It indicates which certificate was used to sign the notification.
   X­-­Signature­Content	The signed payload, encoded as a Base64 string.

   The signature can be validated in PHP as follows:

   $cert = file_get_contents('ebanx-notifications-public.pem');

   $data = file_get_contents("php://input");

   $signature = base64_decode($_SERVER['HTTP_X_SIGNATURE_CONTENT']);

   // http://php.net/manual/en/function.openssl-verify.php

   $result = openssl_verify($data, $signature, $cert);

   if ($result === 1)

   {

   echo "OK, signature is correct.";

   }

   else

   {

   echo "ERROR, the signature is incorrect.";

   }

2. Get the payment hash codes from the notification

   The notification will contain the following parameters:

   Parameter	Description
   operation	The value is always payment_status_change.
   notification_type	Event that triggered the notification
   hash_codes	A single hash or an array of hashes separated by commas.

   And notification_type can have the following values:

   • update: The payment status has changed from PE(Pending) to CO(Confirmed) or CA(Cancelled);
   • chargeback: A chargeback was issued for this payment;
   • refund: A refund was issued for this payment;
   • chargeback_credit: A chargeback credit was issued for this payment;

   Here's a sample of a notification:

   operation=payment_status_change&notification_type=update&hash_codes=53ad936c0dfb7b008d57bf7d396c83a28d24869949fdc84f

3. Query the payments using the /ws/query end-point and the hash codes received in the notification

   To query a payment, you just need to call the end-point /ws/query (from your server) with the following required fields:

   Field	Description
   integration_key	Your unique and secret integration key
   hash	The payment hash (EBANX unique identifier)

   Here's an example of a payment query:

   curl -X GET 'https://sandbox.ebanxpay.com/ws/query?integration_key=your_integration_key&hash=5a15e30b970d9f9f4bc33466e42e92515c7a7ed755dc1e45'

   The EBANX server will send a JSON object as a response, including the payment status. Here’s an example:

   {

   "payment": {

   "hash": "5a15e30b970d9f9f4bc33466e42e92515c7a7ed755dc1e45",

   "pin": "020593132",

   "merchant_payment_code": "1120a8eb178",

   "order_number": null,

   "status": "CO",

   "status_date": "2017-11-22 20:50:18",

   "open_date": "2017-11-22 20:50:18",

   "confirm_date": "2017-11-22 20:50:18",

   "transfer_date": null,

   "amount_br": "100.38",

   "amount_ext": "100.00",

   "amount_iof": "0.38",

   "currency_rate": "1.0000",

   "currency_ext": "BRL",

   "due_date": "2017-11-25",

   "instalments": "3",

   "payment_type_code": "visa",

   "details": {

   "billing_descriptor": ""

   },

   "transaction_status": {

   "acquirer": "EBANX",

   "code": "OK",

   "description": "Sandbox - Test credit card, transaction captured",

   "authcode": "45101"

   },

   "pre_approved": true,

   "capture_available": false

   },

   "status": "SUCCESS"

   }

4. Let EBANX know you received our response

   Reply the notification with an HTTP 200 status. We suggest to print any message showing that you got the notification, indicating that the notification was successful.

Getting help

We hope this article was enlightening, but in case we’ve failed to take out your doubts you have the following options to keep on seeking for answers:

• If you’re not our partner yet and would like to know more about our prices and conditions please fill our this form and our commercial team will get in touch with you.
• In case you’re already our partner please get in touch with our support team at integration@ebanx.com.