If the store have not set the auto_capture = false
field when creating the payment, then for payment methods, involving confirmation, during the payment process (while the buyer is in the Octo PS address zone), Octo PS will make 2 internal requests to the store (without redirecting the user to the store).
URL for such requests (notify_url) must be specified in the store’s personal account in the Settings section.
1st request - payment confirmation request (only if auto_capture = false
)
2nd request - notification to store of final payment status.
The request is executed by the POST
method, data in the request body in the JSON
format:
{
"shop_transaction_id": "uniq shop transaction_id",
"octo_payment_UUID": "1145df74-bb95-47cf-a616-8d6dcee2e222",
"status": "waiting_for_capture",
"signature": "sd8fg5sd87f6g",
"hash_key": "453fg54j3f6g"
}
Description of Octo response fields:
Field | Required | Description |
---|---|---|
status | Yes | The payment status in the Octo system. When requesting confirmation, there must be waiting_for_capture .For any other status, this request is is of informational character. |
shop_transaction_id | Yes | Unique transaction identifier on the store side. |
octo_payment_UUID | Yes | Unique transaction identifier in Octo PS. |
transfer_sum | No | Bill amount minus Octo fees available for a refund to the buyer |
refunded_sum | No | Amount refunded to the buyer |
signature | Yes | Used to authenticate the request from Octo and is calculated as "sha1(sha1(secret, hash_key), uuid, status)" |
hash_key | Yes | A random combination of characters to calculate the signature of a given request |
Octo PS expects HTTP status 200 and in the body of the JSON response:
{
"accept_status": "capture"
}
Field | Required | Description |
---|---|---|
accept_status | Yes | Required for requests with payment status waiting_for_capture . It can take values: capture - confirm payment cancel - cancel payment |
Due to the fact that, for security reasons, the Octo system does not explicitly store the secret keys of stores and cannot use them to sign their notifications, we recommend that the store (to guarantee the status change authenticity upon receipt of the status change notification from Octo) shall make an additional request to Octo to obtain the current status, as the request from the store to Octo is signed with a secret key and encrypted.