Knowledge Center

Knowledge Center > Commerce > Hosted Commerce Pages > Hosted Payment Method Pages 1.0 > Create Hosted Payment Pages on Your Website > Verify the Callback Response

Verify the Callback Response

Overview

After providing a callback page, the next step is to verify that the callback response is actually coming from Zuora. 

Verify the Callback Response

When Zuora sends a response to the merchant's callback URL, Zuora attaches a signature to the response.  Here is an example of a full callback URL:

http://yourdomain.com/yourapp/zuora_callback.php?id=4028e697325f8e970132603326446b33&tenantId=10514
timestamp=1316846058955&token=7av18bEz97Jrq9K6z0QPyvJpIqIxSmZc&responseSignature=ODU2ODMyZmY5YmFjNDQzZDQ4NmU2MDg3ODNkNzhlNTc=&success=true&refId=4028e4862ba3fcae012bad2c19e115b4&field_passthrough1=Capture&field_passthrough2=Step2

To verify the responseSignature

  1. Create a signature using the steps from the Generate the Sugnature for the Hosted Payment Method page.
  2. Compare the outcome with the responseSignature parameter that was sent to you in the original query string. If they differ, do not trust the callback.
  3. Compare the timestamp parameter from the query string with the current time (in UTC format). If they differ by more than 300 seconds, do not trust the callback.

What's Next

Next, learn about using hosted payment method pages with Zuora.

Last modified
16:49, 12 Feb 2015

Tags

Classifications

(not set)