Skip to main content
The request is sent by HTTPS POST from an HTML form to the environment URL.

Basic form

SHA-512 signature

Generate purchaseVerification by concatenating, without separators:
Apply SHA-512 to the resulting text and send the hexadecimal hash.

Process the return

The merchant response URL receives an HTTP POST with the transaction data. Before changing the order:
  1. Read the returned parameters.
  2. Recalculate the signature, adding authorizationResult before the key.
  3. Compare the calculated signature with purchaseVerification.
  4. Verify that the operation number, amount, and currency match the original order.
  5. Process the transaction idempotently to support repeated notifications.
Do not mix integration and production endpoints or keys. Never expose the SHA-2 key in HTML or JavaScript; generate signatures on the server.

Safari

The popup issue described in the source applies to JavaScript Modal invocations. A pure Redirect submits the form directly. If your implementation combines both behaviors, open any window from an explicit user action and test the flow in Safari. Continue to parameters and notifications →