Handle Redirection
The redirection payment process is a common method for handling online payments, which involves an additional step of authentication, such as 3D Secure (3DS). For certain payment methods, you need to redirect your customer from your website to a payment partner or bank page to complete the transaction with additional authentication. Here is a typical flow for the redirection payment mode process:
- Initiate a Direct API Request: Send a request with the necessary parameters to Novalnet, indicating that you are using the redirection payment mode.
- Redirect the Customer: Route your customer to the secure bank or payment service partner's page to enter their secure details and complete the authentication process.
- Handle the Payment Response: Once the customer returns to your website, process the payment response to determine the outcome of the transaction.
- Request Additional Details: If needed, request further details about the transaction to confirm its status or address any issues.
Initiate a Direct API Request
Methods like online bank transfers require the customer to log in to their bank account to complete the transfer. For these methods, you must include additional parameters such as transaction.return_url and transaction.error_return_url to specify where the customer should be redirected after the payment process. The transaction.return_url indicates where the customer should be redirected after a successful payment, while the transaction.error_return_url is used if the customer abandons the transaction or if the payment fails on the bank or payment partner's side. If you do not provide a transaction.error_return_url, the transaction.return_url will be used as the destination for both successful and failed transactions.
Redirect the Customer
Once you have successfully initiated the payment request, you will receive a result.redirect_url, to which you must redirect your customer using either a header redirect or a form redirect, depending on the capabilities of your programming language. Along with the result.redirect_url, you will also receive the transaction.txn_secret, a unique temporary identifier for the redirection initiation. To ensure accuracy between the initial payment request and the response from the payment partner through redirection, you can use the transaction.txn_secret to map the requests or perform optional checksum validation.
By default, the result.redirect_url is valid for only 5 minutes, so you must redirect the end customer within this timeframe; otherwise, the URL will expire. Please note that once the end customer has been redirected, the link cannot be used again, even within the specified time frame.
Handle the Payment Response
Once the customer completes the payment on the payment partner's or bank's end, they will be redirected to either your transaction.return_url or transaction.error_return_url, depending on the payment result (completion or abandonment/failure, respectively). The payment response is delivered as an HTTP GET request with URL-encoded parameters. To ensure accuracy and map the corresponding transaction, validate the response using the txn_secret stored from the initial step. To prevent data manipulation in the response, it is recommended to perform an optional checksum verification. For this, you need to generate your own checksum and compare it with the one provided in the payment response. Please refer to the sample snippet for details on performing checksum validation.
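<?php
// $_SESSION is only populated once the session has been started.
if (session_status() !== PHP_SESSION_ACTIVE) {
    session_start();
}

// Prefer the txn_secret stored when the payment was initiated. The fallback to
// the request value does not tie the response to a transaction you started.
$txn_secret = !empty($_SESSION["novalnet_txn_secret"])
    ? $_SESSION["novalnet_txn_secret"]
    : ($_REQUEST["txn_secret"] ?? "");

// Handle Response
if (
    !empty($_REQUEST["checksum"]) &&
    !empty($_REQUEST["tid"]) &&
    $txn_secret &&
    !empty($_REQUEST["status"])
) {
    // Checksum input: tid + txn_secret + status + reversed payment access key
    $token_string = $_REQUEST["tid"] . $txn_secret . $_REQUEST["status"] . strrev("YOUR_PAYMENT_ACCESS_KEY");
    $generated_checksum = hash("sha256", $token_string);
    // hash_equals() compares the two values in constant time
    if (!hash_equals($generated_checksum, (string) $_REQUEST["checksum"])) {
        echo "While redirecting some data has been changed. The hash check failed";
        exit();
    } else {
        // Handle further process here for the successful scenario
    }
} else {
    // Could be a handling for the direct payment
}
?>
Request Additional Details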
The payment response from the previous step will provide only limited and essential information related to the transaction. If you require additional details about the transaction, you should request them by initiating a separate call to the transaction details API.
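A return-URL handler for the Handle the Payment Response step, as an added example (not Novalnet's code): it maps the response to a stored transaction.txn_secret, verifies the checksum with the formula from the sample snippet, and consumes the stored entry so the same response cannot be accepted twice. The function names, the $pending store and all sample values, including the status strings, are assumptions constructed for illustration.

```php
<?php
// Added example, not Novalnet's code. The checksum formula is the one in the
// page's snippet; every sample value below is constructed.
function expected_checksum(string $tid, string $txnSecret, string $status, string $key): string
{
    return hash('sha256', $tid . $txnSecret . $status . strrev($key));
}

// Returns the order id the response belongs to, or null when it must be rejected.
// $pending (hypothetical store) maps txn_secret => order id, filled at initiation.
function verify_redirect_response(array $query, array &$pending, string $key): ?string
{
    foreach (['tid', 'txn_secret', 'status', 'checksum'] as $name) {
        // Reject missing fields and array-valued parameters such as tid[]=1.
        if (!isset($query[$name]) || !is_string($query[$name]) || $query[$name] === '') {
            return null;
        }
    }
    // Only a txn_secret stored by us identifies a transaction we started.
    if (!isset($pending[$query['txn_secret']])) {
        return null;
    }
    $expected = expected_checksum($query['tid'], $query['txn_secret'], $query['status'], $key);
    if (!hash_equals($expected, $query['checksum'])) {
        return null; // tid, txn_secret or status changed after the checksum was made
    }
    $orderId = $pending[$query['txn_secret']];
    unset($pending[$query['txn_secret']]); // single use: the entry is gone on replay
    return $orderId;
}

// Constructed demo: one pending transaction and its genuine FAILURE response.
$key     = 'EXAMPLE_ACCESS_KEY';
$pending = ['txnsecret-abc123' => 'order-1001'];
parse_str('tid=14700000000000001&txn_secret=txnsecret-abc123&status=FAILURE', $genuine);
$genuine['checksum'] = expected_checksum($genuine['tid'], $genuine['txn_secret'], $genuine['status'], $key);
$tampered = array_replace($genuine, ['status' => 'SUCCESS']); // status flipped, old checksum

var_dump(verify_redirect_response($tampered, $pending, $key)); // tampered status
var_dump(verify_redirect_response($genuine, $pending, $key));  // genuine response
var_dump(verify_redirect_response($genuine, $pending, $key));  // same response replayed
```

In a real handler, $query would be $_GET and $pending a server-side store such as the session or the order table.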