Configuring the CALLBACK service is simple: it is done through the LocalPayment user interface, in the Stage and/or Production environment.
Once you have entered the user interface, click on: Settings → Edit Client → Notifications.
In the "Notifications" section, select the Callbacks tab and enter a URL. At that URL, you will receive a POST request each time a transaction reaches a final status (described above).
In addition to the notification URL, we will configure and share with you a secret key that is used to sign the request via HMAC-SHA256. The resulting signature is sent in the X-Signature header, as shown in the image:
When you compute the HMAC-SHA256 signature of the request, it is recommended that you compress the JSON request to remove white space. Also avoid using any JSON formatter that can modify the original format of property values.
Remember that you can set up and change your own Callbacks - Webhooks by logging in to the application as an ADMIN user.
HMAC algorithm
using System;
using System.IO;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

namespace Localpayment.API.Helpers
{
    public static class HmacHelper
    {
        // Receives the secret, payload and signature and validates the signature.
        // Returns true if the signature is correct, otherwise false.
        public static bool IsValid(string secret, string payload, string signature)
        {
            // Calculate the signature
            var verifiedHash = ComputeHash(secret, payload);

            // Validate the signature
            if (String.IsNullOrEmpty(verifiedHash) || String.IsNullOrEmpty(signature))
            {
                return false;
            }

            // Constant-time comparison, so timing does not reveal how much of the
            // signature matched (CryptographicOperations needs .NET Core 2.1 or later).
            return CryptographicOperations.FixedTimeEquals(
                Encoding.UTF8.GetBytes(verifiedHash.ToLowerInvariant()),
                Encoding.UTF8.GetBytes(signature.ToLowerInvariant()));
        }

        // Generates the HMAC as a lowercase hexadecimal string
        public static string ComputeHash(string secret, string payload)
        {
            byte[] key = Encoding.UTF8.GetBytes(secret);
            byte[] byteArray = Encoding.UTF8.GetBytes(payload);
            using (HMACSHA256 myhmacsha256 = new HMACSHA256(key))
            using (MemoryStream stream = new MemoryStream(byteArray))
            {
                string result = myhmacsha256.ComputeHash(stream)
                    .Aggregate("", (s, e) => s + String.Format("{0:x2}", e), s => s);
                return result;
            }
        }
    }
}

import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Objects;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class HmacHelper {
    // Algorithm used for the HMAC
    public static final String ALGORITHM = "HmacSHA256";

    // Generates the HMAC as a lowercase hexadecimal string
    public static String calculateHMAC(String key, String data) throws Exception {
        // Returns a Mac object that implements the specified MAC algorithm.
        Mac sha256_HMAC = Mac.getInstance(ALGORITHM);
        // Constructs a secret key from the given byte array.
        SecretKeySpec secret_key = new SecretKeySpec(key.getBytes(StandardCharsets.UTF_8), ALGORITHM);
        // Initializes this Mac object with the given key.
        sha256_HMAC.init(secret_key);
        // Processes the given array of bytes and finishes the MAC operation.
        byte[] MAC = sha256_HMAC.doFinal(data.getBytes(StandardCharsets.UTF_8));
        // Return the MAC result.
        return byteArrayToHex(MAC);
    }

    // Receives the secret, payload and signature and validates the signature.
    // Returns true if the signature is correct, otherwise false.
    public static boolean IsValid(String secret, String payload, String signature) throws Exception {
        // Calculate the signature
        String verifiedHash = calculateHMAC(secret, payload);
        // Validate the signature
        if (Objects.nonNull(verifiedHash) && Objects.nonNull(signature)) {
            // MessageDigest.isEqual compares in constant time, so timing does not
            // reveal how much of the signature matched.
            return MessageDigest.isEqual(
                    verifiedHash.toLowerCase().getBytes(StandardCharsets.UTF_8),
                    signature.toLowerCase().getBytes(StandardCharsets.UTF_8));
        }
        return false;
    }

    // Converts a byte array to a hexadecimal string
    public static String byteArrayToHex(byte[] a) {
        StringBuilder sb = new StringBuilder(a.length * 2);
        for (byte b : a) {
            sb.append(String.format("%02x", b));
        }
        return sb.toString();
    }
}
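The advice above about white space and JSON formatters matters most on the receiving side. The following Python sketch is an added example, not LocalPayment's own code: it verifies the X-Signature header against the raw body bytes and shows why a parsed and re-emitted body no longer verifies. The secret, the fields inside "data" and the function names are constructed for illustration, and it assumes the signature is the lowercase hex HMAC-SHA256 of the body exactly as sent.

```python
import hashlib
import hmac
import json
from typing import Optional

# Constructed sample values (assumptions, not real LocalPayment data).
SECRET = "example-shared-secret"
RAW_BODY = b'{"transactionType":"Payin","data":{"amount":100.50,"status":"COMPLETED"}}'


def compute_signature(secret: str, raw_body: bytes) -> str:
    """HMAC-SHA256 over the exact body bytes, as lowercase hex."""
    return hmac.new(secret.encode("utf-8"), raw_body, hashlib.sha256).hexdigest()


def verify_callback(secret: str, raw_body: bytes, x_signature: Optional[str]) -> bool:
    """Return True only if X-Signature matches the HMAC of the raw body."""
    if not secret or not x_signature:
        return False
    expected = compute_signature(secret, raw_body).encode("ascii")
    received = x_signature.strip().lower().encode("utf-8")
    # compare_digest is constant-time: response timing does not reveal
    # how many leading characters of a forged signature were correct.
    return hmac.compare_digest(expected, received)


def reserialize(raw_body: bytes) -> bytes:
    """Parse and re-emit compact JSON, as a formatter or framework might."""
    return json.dumps(json.loads(raw_body), separators=(",", ":")).encode("utf-8")


def parse_verified(secret: str, raw_body: bytes, x_signature: Optional[str]) -> dict:
    """Parse the JSON only after the signature over the raw bytes checks out."""
    if not verify_callback(secret, raw_body, x_signature):
        raise ValueError("invalid X-Signature")
    return json.loads(raw_body)


if __name__ == "__main__":
    sig = compute_signature(SECRET, RAW_BODY)
    print("raw body verifies:    ", verify_callback(SECRET, RAW_BODY, sig))
    # Re-serializing turns 100.50 into 100.5, so the bytes and the HMAC change.
    print("reserialized verifies:", verify_callback(SECRET, reserialize(RAW_BODY), sig))
```

In a web framework, pass the request body bytes as received to `verify_callback`, before any JSON middleware has parsed them.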
Our Dynamic tutorial:
Follow our tutorial to configure the callback URL from our frontend:
Example: Callback Notifications Service
The general structure for this request is:
{
"transactionType": "Payin",
"data": {
...
}
}
The "data" node content of the Callback is the same as the Body structure of the Check Payment
Remember that you can also check the status of each transaction using the Check Status endpoint. The request payload you will receive will be the same as the one sent by the CALLBACK push notification service.