Skip to main content

Verify the Callback Response


Verify the Callback Response


After providing a callback page, the next step is to verify that the callback response is actually coming from Zuora. 

Verify the Callback Response

When Zuora sends a response to the merchant's callback URL, Zuora attaches a signature to the response.  Here is an example of a full callback URL:

To verify the responseSignature

  1. Create a signature using the steps from the Generate the Signature for the Hosted Payment Method page.
  2. Compare the outcome with the responseSignature parameter that was sent to you in the original query string. If they differ, do not trust the callback.
  3. Compare the timestamp parameter from the query string with the current time (in UTC format). If they differ by more than 300 seconds, do not trust the callback.

What's Next

Next, learn about using hosted payment method pages with Zuora.