Notifications are sent using the following criteria:
- a change of status of a Transaction, Subscription, or Authorization occurs
- an error occurs when trying to confirm a Transaction, Subscription, or Authorization
- a new payment is generated or not after a charge to an Authorization
- a new payment is generated or not due to a Subscription
- some actions are performed over a Sale
A POST notification is sent to the URL defined in the field notify_url which was sent when the object was created.
Since the notification URL is defined when creating the object (Transaction, Subscription or Authorization), in the
notify_urlfield, the URL can be dynamic, allowing it to be different for each created object.
The notification consists of a POST that sends a JSON with the following fields:
signature: Notification signature, to validate that the notification is sent by ZRU. More details on calculating the signature can be found later.fail: If this field contains content, it refers to an error notification. The content would be an error code, which we can see here.id: ID of the Transaction, Subscription, or Authorization related to the notification.type: Type of object related to the notification (P - Transaction, S - Subscription, A - Authorization).order_id: Includes the content sent in theorder_idfield when creating the object.status: Status of the transaction (N - Pending, D - Completed, C - Canceled, E - Expired).
The statuses Completed, Canceled, and Expired are final statuses.
subscription_status: Status of the Subscription, only sent if the notification is related to a subscription (W - Waiting, A - Active, P - Paused, S - Stopped).
The Stopped status is a final status.
authorization_status: Status of the Authorization, only sent if the notification is related to an authorization (A - Active, R - Removed).
The Removed status is a final status.
amount: Amount charged to the client.sale_id: If charged to the customer, includes the Sale ID related to the payment.action: Last action of the object, more options will be provided later.sale_action: Last action of the Sale, more options will be provided later._extra: Includes the content sent in theextrafield when creating the object or when making a charge. It is not sent if not provided._charge_id: Includes the content sent in thecharge_idfield when making a charge._method: In the case of card payments, includes the card's information used; more details on the included fields will be provided later.
It is important to keep in mind during implementation that a new field can be added to the received JSON at any time.
- I: Error
- D: Completed
- E: Expired
- C: Cancelled
- A: Active Subscription (it's only available in the case of a subscription)
- T: Initialized Subscription (it's only available in the case of a subscription)
- P: Paused Subscription (it's only available in the case of a subscription)
- S: Stopped Subscription (it's only available in the case of a subscription)
- R: Deleted Authorization (it's only available in the case of a authorization)
- Y: Payment received (it's only available in the case of a authorization or subscription)
- I: Error
- G: Amount charged
- H: Amount on hold
- V: Released amount
- C: Captured amount
- R: Refunded amount
- S: Settled amount
- E: Rejected escrow amount
name: Card namebin: BIN of the masked card numberbin8: 8-digit BIN of the masked card numbermasked: Masked card numbermasked8: Masked card number with 8-digit BINunique_hash: Hash that uniquely represents the card. Whenever a customer uses the same card number and the same expiration date, they will receive the same hash.unique_hash_pan: Hash that uniquely represents the card. Whenever a customer uses the same card number, they will receive the same hash.brand: Card brandexpiration_month: Card expiration monthexpiration_year: Card expiration year
The steps to calculate the signature and verify its correctness are as follows:
We start from the received JSON dictionary and ignore the keys:
failsignature- any other key which starts with
_
We sort the remaining JSON keys in alphabetical order, for example:
['action', 'amount', 'authorization_status', 'id', 'order_id', 'sale_action', 'sale_id', 'status', 'subscription_status', 'type']
In that order, we put the values one after the other in a variable, ignoring nulls, replacing symbols <, >, ", ', (, ), \ with spaces, and removing spaces from the beginning and end of each value, for example:
D5.0d825c974-7288-4ddf-ae8b-21635c44eac3323232G545b8519-3e3c-4ee7-adef-9da7eefe5283DP
To this, we add the Secret Key of your environment at the end, for example:
D5.0d825c974-7288-4ddf-ae8b-21635c44eac3323232G545b8519-3e3c-4ee7-adef-9da7eefe5283DP18754581c5434008b9262dd5a6938ed3
Finally, we sha256 this variable and obtain the signature to check it against the one received in the JSON, for example:
783600a129c93cad54f561bca60e60c9b8dc328209841751a600a5e1c941ccee
We will distinguish the most important notification flows depending on the object type, so we can use the following criteria:
Transaction
- Error notification while the customer tries to confirm and fails, check the error code in the
failfield. - Single cancellation notification (
status=C). - Single expiration notification (
status=E). - Single completed transaction notification (
status=D) including thesale_idfield of the Payment ID. - The rest of the possible notifications will always be related to the payment (Sale).
- Error notification while the customer tries to confirm and fails, check the error code in the
Subscription
- Error notification while the customer tries to confirm and fails, or a charge attempt is made to an active subscription (in this latter case
status=D), check the error code in thefailfield. - Single cancellation notification (
status=C). - Single expiration notification (
status=E). - Single completed subscription notification (
status=D), it does not include thesale_idfield. - Payment received notification includes the
sale_idfield with the Payment ID. It is triggered the first time if it includes a charge when confirming the subscription and each time a correct charge is made to that subscription. - The rest of the possible notifications will always be related to the subscription payments.
- Error notification while the customer tries to confirm and fails, or a charge attempt is made to an active subscription (in this latter case
Authorization
- Error notification while the customer tries to confirm and fails, or a charge attempt is made to an active authorization (in this latter case
status=D), check the error code in thefailfield. - Single cancellation notification (
status=C). - Single expiration notification (
status=E). - Single completed authorization notification (
status=D), it does not include thesale_idfield. - Payment received notification includes the
sale_idfield with the Payment ID. It is triggered the first time if it includes a charge when confirming the authorization and each time a correct charge is made to that authorization using thechargeendpoint. - The rest of the possible notifications will always be related to the authorization payments.
- Error notification while the customer tries to confirm and fails, or a charge attempt is made to an active authorization (in this latter case
Sale
- These notifications always include the
idof the object related to the payment and thestatus=D. - Error notification for any action performed on the sale, such as refund, capture, etc., check the error code in the
failfield. - Capture notification, can be partial, check the
amountfield (sale_action=C). - Void notification, can be partial, check the
amountfield (sale_action=V). - Refund notification, can be partial, check the
amountfield (sale_action=R). - Settlement notification (
sale_action=S).
- These notifications always include the
In the Panel, we can see the notifications sent by ZRU in real-time from the Developers / Notifications section, and we can also resend them by selecting the notification and clicking the Resend button.