Web hook
The web hook posts the result of the transaction or refund to your server. Please review profile to configure your web hook URL. The JSON body looks like follows:
Transaction
POST your.site/web-hook-url
{
"transaction_id": "fumo transaction code",
"timestamp": "UTC request timestamp",
"reference": "Your internal reference",
"result": "1",
"signature": "Signed fields"
}
Field descriptions
| field | usage |
|---|---|
| transaction_id | This is the fumo transaction code |
| timestamp | UTC Timestamp in the RFC 3339/ISO 8601 format 2024-03-15T08:15:27Z |
| reference | Your reference for the transaction |
| result | The result of the call. Please see status codes |
| signature | The signed request which is detailed below |
Request signing
The signature is the concatenation of certain fields which is then given a SHA512 hash which is finally base64 encoded. In pseudo code as follows:
strToHash = transaction_id + reference + status + profile_key + secret_key + timestamp
hash = sha512(strToHash)
signature = base64.encode(hash)
The profile and secret keys are from the profile that you are using.
Response
If your server responds to the above request with a HTTP status 200 or 201 we will see the transaction notification as completed. Any other status we will retry 5 times.
Refund
POST your.site/web-hook-url
{
"refund_id": "fumo refund code",
"timestamp": "UTC request timestamp",
"reference": "Your internal reference",
"result": "1",
"signature": "Signed fields"
}
Field descriptions
| field | usage |
|---|---|
| refund_id | This is the fumo refund code |
| timestamp | UTC Timestamp in the RFC 3339/ISO 8601 format 2024-03-15T08:15:27Z |
| reference | Your reference for the refund |
| result | The result of the call. Please see status codes |
| signature | The signed request which is detailed below |
Request signing
The signature is the concatenation of certain fields which is then given a SHA512 hash which is finally base64 encoded. In pseudo code as follows:
strToHash = refund_id + reference + status + profile_key + secret_key + timestamp
hash = sha512(strToHash)
signature = base64.encode(hash)
The profile and secret keys are from the profile that you are using.
Response
If your server responds to the above request with a HTTP status 200 or 201 we will see the refund notification as completed. Any other status we will retry 5 times.