Dusupay
Search…
Merchant Redirect
For all Bank, Card and Crypto collection requests, a redirect URL is a mandatory parameter. This is the URL that DusuPay redirects to when the status of the transaction changes. Details follow..

Redirect URL Structure

The final redirect URL would look like the following. DusuPay basically appends the redirect parameters to the URL that's set in the initial collection request
1
https://redirect_url?id=&reference=&internal_reference=&status=&message=&signature=
Copied!
Below is a description of all the query parameters that DusuPay appends
Parameter
Type
Description
id
integer
The transaction ID generated by DusuPay
reference
string
The merchant reference for this particular transaction
internal_reference
string
The internal reference generated by DusuPay for this transaction
status
string
The transaction status. Values can be one of; PENDING, CANCELLED, FAILED or COMPLETED. These are described here
message
string
The message describing the status
signature
string
The RSA signature generated by DusuPay. This can optionally be verified by the merchant to ensure that the redirect comes from DusuPay before giving value/service to the customer
We strongly recommend that merchants check for the availability of these parameters in the URL and also confirm that the references correspond to the data already available in their systems. This is one other way to ascertain the legitimacy of the redirect

Redirect Signature Verification (Optional)

This section describes the steps taken to verify the signature using sample query parameters. Assume that the redirect URL is as follows;
1
https://www.redirecturl.com?id=226&reference=2e474cf19b71&internal_reference=DUSUPAY405GZM1G5JXGA71IK&status=COMPLETED&message=Transaction%20Completed%20Successfully&signature=c0K46co6bmQkoDW8XjEWQ7nBAteBo5E0HLKnLaJr8g5tQO2suVgB1gzp1y5fjCl8EOUt77hw9XealtkyBLk7VcYJoN6PVjxpHO3kCim_3rmWZqxhISy9jVnl03ZCz9GG7Tn4NS8PU14hgn9gF1wrfXMwUpiCezcVcBxg-m0L6XSqckLTudGTb7mJgIpYCRdrj2FbpFzhB1e2xCJ5NbSc4nXA9_XrylTnD1wiO_iFEkD5ZbaH-IfYnTN7SOt6slgvrgsMGe4PI2PiHSuW97xf21n4Lt0pB1MVpKYIA5CHJORvxv8yAxODJGnKT93VxjIdfFd1Kkh-QfkC4upyXBbPlJKmRAcaCcUgVYQccrbuEgZ_ouVLdyo6h1q4-l7AKKl7W0Nx-U_HbhpvAUCe4kLHX9CyeJgDA8xB1fkyVTbpBTbw4h0iTP_98VUy0jCMJMYWkObPLI9K1FMYFgfFgdDy6LMIPb4-dBlPkevH9ZIPKE2N60vQFd9zRH2-J8LGCemqncVZlbi6jIzmy1Z2ylPQ772-fhT9tPJGlMsPw7bLcsRrDGulwHgO1dxHXpKJcb0OjkIxlQgTfHqLyyuqgyWcJJkoAmWMwmtnhIdJUmiD7V_UdZ3lLVP52VhEUqJhlWzVX7AmvK00WUkffut8uqgAqKbsSwgPEffp6RZxPvjJJAA
Copied!
The signature string used in the example is valid and you can test verification with it. You can directly copy it from the section below
1
c0K46co6bmQkoDW8XjEWQ7nBAteBo5E0HLKnLaJr8g5tQO2suVgB1gzp1y5fjCl8EOUt77hw9XealtkyBLk7VcYJoN6PVjxpHO3kCim_3rmWZqxhISy9jVnl03ZCz9GG7Tn4NS8PU14hgn9gF1wrfXMwUpiCezcVcBxg-m0L6XSqckLTudGTb7mJgIpYCRdrj2FbpFzhB1e2xCJ5NbSc4nXA9_XrylTnD1wiO_iFEkD5ZbaH-IfYnTN7SOt6slgvrgsMGe4PI2PiHSuW97xf21n4Lt0pB1MVpKYIA5CHJORvxv8yAxODJGnKT93VxjIdfFd1Kkh-QfkC4upyXBbPlJKmRAcaCcUgVYQccrbuEgZ_ouVLdyo6h1q4-l7AKKl7W0Nx-U_HbhpvAUCe4kLHX9CyeJgDA8xB1fkyVTbpBTbw4h0iTP_98VUy0jCMJMYWkObPLI9K1FMYFgfFgdDy6LMIPb4-dBlPkevH9ZIPKE2N60vQFd9zRH2-J8LGCemqncVZlbi6jIzmy1Z2ylPQ772-fhT9tPJGlMsPw7bLcsRrDGulwHgO1dxHXpKJcb0OjkIxlQgTfHqLyyuqgyWcJJkoAmWMwmtnhIdJUmiD7V_UdZ3lLVP52VhEUqJhlWzVX7AmvK00WUkffut8uqgAqKbsSwgPEffp6RZxPvjJJAA
Copied!
  1. 1.
    Form the string payload to be used in the signature verification. This is obtained by concatenating values of the redirect data in the format; id:internal_reference:status:redirect_url where redirect_url is the value you set for the redirect_url parameter when making the initial collection request in this case, that value is https://www.redirecturl.com
2. The string payload in our example would therefore be the following;
1
226:DUSUPAY405GZM1G5JXGA71IK:COMPLETED:https://www.redirecturl.com
Copied!
3. Download the public key and store it in a file as described here.
4. Use the stored public key to verify the signature as described in the sample source codes below
JavaScript
PHP
1
const crypto = require('crypto');
2
const fs = require('fs');
3
4
function isValidSignature() {
5
const strPayload = "226:DUSUPAY405GZM1G5JXGA71IK:COMPLETED:https://www.redirecturl.com";
6
const signature = "signature-from-query-params";
7
const publicKeyFile = "path-to-file/dusupay.public.key.pem";
8
const publicKey = fs.readFileSync(publicKeyFile).toString().replace(/\\n/g, '\n');
9
10
const verify = crypto.createVerify("SHA512");
11
verify.write(strPayload);
12
verify.end();
13
14
/*true or false*/
15
return verify.verify(publicKey, signature, 'base64');
16
}
Copied!
1
<?php
2
3
public function isValidSignature() {
4
$file = "path-to-file/dusupay.public.key.pem";
5
$keyContent = file_get_contents($file);
6
$publicKey = openssl_get_publickey($keyContent);
7
$strPayload = "226:DUSUPAY405GZM1G5JXGA71IK:COMPLETED:https://www.redirecturl.com";
8
$signature = base64_decode("signature-from-query-params");
9
10
/*true or false*/
11
return openssl_verify($strPayload, $signature, $publicKey) == 1;
12
}
13
14
?>
Copied!
Last modified 10mo ago