IPN (Instant Payment Notifications)

After we process a payment, the transaction is placed in pending state. The amount wont be available to your account until the transaction is marked complete.

If a call back url is setup on your account, after every payment processed, we call the url with the transaction details, which you can use to update your order, e.g. mark an invoice as paid and update your database. An example is when you are selling music on your website, you might want to send a download link after a user makes a payment, or make the song available on the users account.

The table below shows the data that we send to your call back url.

Field Value Details
xsp_status success Order status flag
xsp_invoice_num varies The invoice number that was sent for processing
xsp_amount varies The total amount thats was sent for processing
xsp_fee 0
xsp_transaction_id varies every time CadiPay Transaction/Reference number
xsp_hash varies every time This is the fingerprint generated using an MD5 hashing algorithm on Pin, Secret Key, Order Total, Invoice Number, Reference Number, Fingerprint and Merchant ID.
xsp_pin varies every time A random 4 digit pin that we generate to create the hash

Important

For obvious security reasons, we will only send data to your call back url using the HTTPS protocol. If you don’t have and SSL certificate, you can buy one here

When you receive data on your call back url, always confirm it is coming from CadiPay server by re-generating and comparing the hash key

Below is the sample code (in PHP) to show how to confirm

<?php
$status = $_POST['xsp_status'];
$invoice = $_POST['xsp_invoice_num'];
$amount = $_POST['xsp_amount'];
$cadipay_transaction_id = $_POST['xsp_transaction_id'];
$cadipay_hash = $_POST['xsp_hash'];
$pin = $_POST['xsp_pin'];

$secret = "INSERT_YOUR_SECRET_KEY";
$fingerprint = "INSERT_YOUR_FINGERPRINT";
$merchant = "INSERT_YOUR_MERCHANT_ID";

//generate your hash
$my_hash = md5($pin . $secret . $amount . $invoice . $cadipay_transaction_id . $fingerprint . $merchant);

if($my_hash == $cadipay_hash){
    //great. its coming from cadipay. You can process the order
    //mark invoice as paid, update your database, send email/sms to user, ship the item e.t.c.
} else {
    //send a lightning back to sender
}
?&gt

Don’t forget that the Transaction is still marked as pending in your CadiPay account. To mark it complete, simply generate new hash (md5 of merchant id, secret key, fingerprint and cadipay transaction id) and send it together with the CadiPay Transaction ID to
https://www.cadipay.com/checkout/process_order

You can send this data back using curl like below

<?php
$secret = "INSERT_YOUR_SECRET_KEY";
$fingerprint = "INSERT_YOUR_FINGERPRINT";
$merchant = "INSERT_YOUR_MERCHANT_ID";
$cadipay_transaction_id = $_POST['xsp_transaction_id'];

//generate your hash
$hash = md5($merchant . $secret . $fingerprint . $cadipay_transaction_id);

$url = 'https://www.cadipay.com/checkout/process_orderhttps://www.cadipay.com/checkout/process_order';

$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query(array('xsp_hash' => $hash, 'xsp_transaction_id' => $cadipay_transaction_id, 'xsp_status' => 'complete')));
// receive server response ...
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$server_output = curl_exec ($ch);
curl_close ($ch);
?&gt

We will then respond with “success” if the transaction is marked complete, or with an error message