After completing an order, BBMSL Online Payment Gateway will send the successful result back to the merchant if corresponding information is given. Merchant's backend will need to handle the result and reply an acknowledgement.
- If the BBMSL Online Payment Gateway does not receive the acknowledgement from the Merchant, it will consider it as an unreceived notification and initiate further payment result notifications at a regular interval, such as 12 times in an hour, to increase success receiving rate. However, the BBMSL Online Payment Gateway cannot ensure successful receipt of payment notifications. (Notification frequency: 5 minutes)
- As payment result notifications may be sent to the Merchant’s backend multiple times, the Merchant's system must be able to perform deduplication to the notifications properly.
- To ensure the integrity of the notification message, merchant must verify the signature of the notification. Please check Verifying Signature section below.
The merchant needs to provide a REST API endpoint for the BBMSL Online Payment Gateway to notify the success order result, the result will be constructed as the API request body.
Request URL: This URL may be configured via
notifyUrlas a parameter value submitted through the APIs.
Expected Acknowledgement Response:
Two notification request body example is given below,
#Example Payment Success Result Notification (hosted-checkout/direct model):
#Example Add Token Success Result Notification:
Like using PayAPI, each notification comes with a signature, you may perform the following steps to verify it:
Remove the signature field
Sort the remaining fields in alphabetical order
Join all array values with the character of
&. You will get similar content like the following,
- Use the RSA2/RSA verification method to verify the signature
Below is BBMSL test host public key for verifying notification:
To connect all array values to pre-verify string:
The verify code snippet: