Payment status notification from Octo to the store.

If the store have not set the auto_capture = false field when creating the payment, then for payment methods, involving confirmation, during the payment process (while the buyer is in the Octo PS address zone), Octo PS will make 2 internal requests to the store (without redirecting the user to the store).
URL for such requests (notify_url) must be specified in the store’s personal account in the Settings section.

1st request - payment confirmation request (only if auto_capture = false)
2nd request - notification to store of final payment status.

The request is executed by the POST method, data in the request body in the JSON format:

{
  "shop_transaction_id": "uniq shop transaction_id",
  "octo_payment_UUID": "1145df74-bb95-47cf-a616-8d6dcee2e222",
  "status": "waiting_for_capture",
  "signature": "sd8fg5sd87f6g",
  "hash_key": "453fg54j3f6g"
}

Description of Octo response fields:

Field Required Description
status Yes The payment status in the Octo system. When requesting confirmation, there must be waiting_for_capture.
For any other status, this request is is of informational character.
shop_transaction_id Yes Unique transaction identifier on the store side.
octo_payment_UUID Yes Unique transaction identifier in Octo PS.
transfer_sum No Bill amount minus Octo fees available for a refund to the buyer
refunded_sum No Amount refunded to the buyer
signature Yes Used to authenticate the request from Octo and is calculated as "sha1(sha1(secret, hash_key), uuid, status)"
hash_key Yes A random combination of characters to calculate the signature of a given request

Octo PS expects HTTP status 200 and in the body of the JSON response:

{
  "accept_status": "capture"
}
Field Required Description
accept_status Yes Required for requests with payment status waiting_for_capture. It can take values:
capture - confirm payment
cancel - cancel payment

Due to the fact that, for security reasons, the Octo system does not explicitly store the secret keys of stores and cannot use them to sign their notifications, we recommend that the store (to guarantee the status change authenticity upon receipt of the status change notification from Octo) shall make an additional request to Octo to obtain the current status, as the request from the store to Octo is signed with a secret key and encrypted.