July 19, 2018, 9:11 am

Print

How to automatically update my order's status when the payment is received?


Date added:
01 December 2009
Last revised:
23 October 2012

Answer

For each payment you've received, PG-1's system will send 2 types of notification: Email notification to registered merchant email, and HTTP notification to your related registered web store. The HTTP notification can be use to automatically updating the order's status or other order's processing step (ex: sending invoice email to customer, sending download link, etc). PG-1 will send HTTP notification on every change made to the payment (confirmed, unconfirmed, approved, unapproved).

We have created plug-ins for some well known e-commerce / shopping cart script and we also provide library in some programming language (PHP & Java). These plug-ins will automatically update your order's status if the payment is received from PG-1. If you cannot find any matching plug-ins for your script, you can create it yourself by learning how the PG-1's notification works (read the article below).


Technically the PG-1's HTTP notification is a simple HTTP POST request sent to the "Payment Notification URL" you have set for the registered web store. For more information about how to register your web store please click here. The notification will include some parameter which will be explained below:

  • version
    This parameter will be filled with the current PG-1's protocol version. The current & latest version is 1.0.
  • buyer
    This parameter will be filled with the PG-1 buyer's PG-1 email.
  • merchant
    This parameter will be filled with the PG-1 merchant email . You can use this parameter to validate if the notification is for the valid merchant.
  • store-id
    This parameter will contain your registered Store ID which payment has been paid into.
  • trans-id
    This parameter will be filled with your transaction / order ID which has been set when creating the payment button. You can use this parameter to validate the payment notification by retrieving the order's record (based on the "trans-id" parameter) in your database and validate the amount using the "amount" parameter.
  • trx-id
    This parameter will be filled with the 32 characters of PG-1's hash code that uniquely identify the payment transaction. You can save this code to relate the order's invoice with the PG-1's payment transaction. You will also need this code for interacting with PG-1 APIs (for Payment Approval/Rejection, Refund, and Split).
  • amount
    This parameter will be filled with the payment's amount. You can use this parameter with the "trans-id" parameter to validate the notification with your saved order's invoice, to make sure the notification is valid.
  • status
    This parameter will be filled with the payment notification's status. There are 3 status available:
    • confirmed
      This "Payment Confirmed" status is sent when the buyer's payment has been processed. The notification will be sent just after the payment has been processed.
    • approved
      This "Payment Approved" status is sent when the payment has been manually or automatically approved by the merchant (from merchant menu or using PG-1 APIs). After the approval, the payment will be added to the merchant's Gollar balance.
    • rejected
      This "Payment Rejected" status is sent when the related merchant reject the payment (from merchant menu or using PG-1 APIs). After being disapproved, the payment will be refunded to the buyer's PG-1 account.
    • refunded
      This "Payment Refunded" status is sent when the related merchant issue refund(s) to the payment (using PG-1 APIs). The amount parameter will be the refund amount.
  • description
    This parameter will be filled with human readable description of the "status" parameter. There are 4 description for each status describe above.
  • sandbox
    If you receiving this parameter, it means the Payment Notification is sent from our sandbox server and it must be ignored in your production server.

The "Payment Notification URL" in your merchant's store configuration need to be set to the notification handler script you've created. To create a secure handler script you need to do some validations, which include:

  • PG-1 IP validation
    In this validation you need to make sure that the notification is coming from PG-1's server with IP: 202.78.195.236. Notification from other IP should be ignored and handled as hacking attempt.
  • Sandbox validation
    You need to make sure that the notification is coming from PG-1's secure server, not the sandbox server. To do the validation, you can check for the "sandbox" parameter sent to the script. If the parameter is exists and has the value of "true", then it means the notification is coming from the Sandbox server. For production use you should ignore all notification sent from Sandbox server.
  • Merchant validation
    You need to validate the merchant parameter sent to the notification script, to make sure you are processing the right notification. Just compare the value of "merchant" parameter with the merchant email you've save somewhere in your web store database.
  • Trans's ID and amount validation
    This validation will relate the notification with your order record saved in your web store's database. You need to retrieve the order record from your database which has the same ID and amount as the "trans-id" and "amount" parameter sent to the notification script. If the order record is found, then you can proceed to the next step (example: updating the order's status, etc.). If no matching order record found, then it should be ignored.

Category