Payment Receipts

Using our REST, S1, and E1 interfaces you can receive data on payment success or cancellation.

After the payment has been successfully completed, the customer is redirected to the URL defined in the previous stage (RETURN_ADDRESS). If the payment was cancelled, the customer is directed to the cancelled payment URL (CANCEL_ADDRESS).

The notification address (NOTIFY_ADDRESS) is called when Paytrail marks the payment as completed. Typically this happens within a few minutes after redirecting the customer to RETURN_ADDRESS. Note that in some rare cases NOTIFY_ADDRESS is called before the customer is redirected to RETURN_ADDRESS.

The NOTIFY_ADDRESS call includes the same GET parameters as redirecting to RETURN_ADDRESS does.

If the customer does not return to Paytrail’s service from the payment method provider’s service, the information on successful payment will not be immediately available. In this case NOTIFY_ADDRESS will be called immediately when that information has arrived. We use payment status query services provided by payment method providers to speed up the process of payment being marked as completed. When we receive information on payment being completed the notification address is called.

In cases where payment method provider does not provide payment status query service, information about completed payment arrives on the next banking day. The only payment method provider currently not providing payment status query service is Ã…landsbanken.

The receipt carries unique return information that is used to verify the validity of the receipt and that the payment was actually successful. Return authentication hash is compared to the hash calculated by the webshop and if the values match, the payment receipt was not tampered.

In return authentication hash calculation, fields are joined using the | character (pipe, vertical bar) as separator. Merchant hash is appended to the string. When the payment is not successful, only fields 1, 2 and 5 are returned, and only fields 1, 2 and merchant hash are used in hash calculation.

Fields

The receipt contains the following fields.

ORDER_NUMBER

This is the same order number that was generated in the webshop and sent to the Payment Gateway.

TIMESTAMP

Timestamp generated by the Payment Gateway that is used to calculate the return authentication hash. Timestamp is in UNIX format, i.e. seconds from 1st Jan 1970.

Paid transaction ID number is generated by the Payment Gateway. It is used to verify the validity of a successful payment. If no ID is received, the payment has not been completed.

METHOD

Used payment method number. This is not returned if the payment was not succesful. Check the available payment methods from this page.

RETURN_AUTHCODE

Return authentication hash is a value which is compared to one calculated in webshop. If the value matches the calculated one, the payment has been completed and the information has not been modified after sending. The hash may be identical in both successful and failed transactions.

Calculating the AUTHCODE

In this example, we use the following data.

  • Order number: 15153
  • Timestamp of transaction: 1176557554
  • Paid Transaction ID ID: F4SDGF23FS
  • Payment method: 1
  • Merchant authentication hash: 6pKF4jkv97zmqBJ3ZL8gUw5DfT2NMQ

Combining these fields using the | character as separator, the following string is formed.

15153|1176557554|F4SDGF23FS|1|6pKF4jkv97zmqBJ3ZL8gUw5DfT2NMQ

Calculating the MD5 hash of this string and converting it to uppercase, we get.

191FAE904A0B9A57CA30A35C715ABAF9

If the calculated value equals the one received from the Payment Gateway (RETURN_AUTHCODE), the receipt is correct.