Callback
Last updated
Last updated
Adding callback URL using "callbackURL" field to request body enables you to get POST request from SensePass on any transaction update events.
It is required to implement a POST endpoint on your server based on the same interface as
In event of communication error from SensePass to your server - SensePass will retry multiple times to call your server will the callback URL over a period of days.
Make sure the URL provided in "callbackURL" is fully accessible from the internet and does not contain local IP or private DNS.
SensePass IP's are dynamic - Limiting your endpoint to specific IP address is not possible.
Simple request example to create new transaction with callback URL data.
URL: /transactions/init
Request Body:
POST
/transactions/init
This API creates new payment request based on the fields below.
amount*
number
The required amount for this transaction (Cents).
If products are a part of the transaction - they are all summed up & calculated via the following formula:
(amount + vat - discount) * quantity e.g. (10 + 1.7 - 1) * 2.
isCent
boolean
Determines if Amount represents in cents or not
timeOut
number
Time until the transaction will be timed out (seconds)
currency*
string
[ USD, CAD, ILS, EUR, RUB ]
deviceId
string
Terminal unique device ID provided by SensePass (For Device based Transactions) - Required if apiKey is empty
callbackURL
string
URL to your POST endpoint
HMAC (Hash-based Message Authentication Code) signature authentication for callbacks is a security mechanism used to ensure the integrity and authenticity of a message between two systems.
This authentication logic will enables you to verify that the callback API call was originated by SensePass.
HMAC Verification steps:
Extract "HMAC-Random-Key" header from the callback API request
Concat the header from #1 to the request body
Perform HMAC 256 calculation with the concatenated string and using your secret HMAC key
Compare the result from #3 against the value of the request header "HMAC-Authorization"
Our system expects for 200-299 status code as an indication for a successful callback handling.
Failure to get these status codes triggers retries logic of 6 attempts with these intervals:
15 seconds
60 seconds
120 seconds
600 seconds
2000 seconds
32000 seconds
By default all the callbacks are sent with JSON body and POST method, it is possible to choose GET method callback without request body.
Callback with GET method will be sent with TransactionNumber as query param.
URL: /transactions/init
Request Body for GET callbacks:
This API call will be sent to this URL:
https://google.com/callback/api/callback?TransactionNumber=573942fsdqe90342k304242&callbackType=transaction_status
Interface:
See Transactions entity schema: