After completing a payment, BBMSL payment gateway will send the corresponding result back to the merchant. Merchant's backend will need to handle the result and reply an acknowledgement.
- When interacting with this API, if BBMSL payment system does not receive a response from the Merchant backend indicating success or timeout, the BBMSL payment system will consider it as an unreceived notification and initiate further payment result notifications at a regular interval, such as 12 times in 60 minutes, so as to ensure successful receipt. However, the BBMSL payment system cannot ensure successful receipt of payment notifications in every case. (Notification frequency: 5 minutes)
- As payment result notifications may be sent from the BBMSL payment system to the Merchant’s backend multiple times, a single payment result might be notified to the Merchant's backend multiple times. For this reason, the Merchant's system must be able to handle duplicate notifications properly.
- To ensure the integrity of the notification message, merchant must verify the signature of the notification. Please check Verifying notification signature below.
Request Url: This URL may be configured via callbackUrl.notify, a parameter submitted via the APIs of online-hosted and online-tokenization.
Request Method: POST
Expected Response: "OK", if the BBMSL payment system does not receive this response from the Merchant backend indicating received, the BBMSL payment system will treat it as an unreceived notification and initiate further payment result notifications 5 minutes later.
Payment Success Result Notification：
Add Token Result Notification：
#Verifying notification signature
After receiving notification, perform the following steps to verify the signature:
Remove the signature field.
Sort the remaining fields in alphabetical order from A to Z.
Connect all array values by the character of "&". You can get the following similar content to be verified:amount=10&cardType=VISA&merchantReference=2021120210310101&orderId=20873&status=SUCCESS
Use the RSA2/RSA verification method to verify the signature.
Below is BBMSL test host public key for verifying notification:
The code to connect all array values to pre-verify string in Java:
The verify code snippet in Java:
The code to connect all array values to pre-verify string in PHP:
The verify code snippet in PHP: