Merchant Redirect

For all Bank, Card and Crypto collection requests, a redirect URL is a mandatory parameter. This is the URL that DusuPay redirects to when the status of the transaction changes. Details follow..

Redirect URL Structure
The final redirect URL would look like the following. DusuPay basically appends the redirect parameters to the URL that's set in the initial collection request
https://redirect_url?id=&reference=&internal_reference=&status=&message=&signature=
Below is a description of all the query parameters that DusuPay appends
Parameter
Type
Description
id
integer
The transaction ID generated by DusuPay
reference
string
The merchant reference for this particular transaction
internal_reference
string
The internal reference generated by DusuPay for this transaction
status
string
The transaction status. Values can be one of; PENDING, CANCELLED, FAILED or COMPLETED. These are described here​
message
string
The message describing the status
signature
string
The RSA signature generated by DusuPay. This can optionally be verified by the merchant to ensure that the redirect comes from DusuPay before giving value/service to the customer
 We strongly recommend that merchants check for the availability of these parameters in the URL and also confirm that the references correspond to the data already available in their systems. This is one other way to ascertain the legitimacy of the redirect
Redirect Signature Verification (Optional)
This section describes the steps taken to verify the signature using sample query parameters. Assume that the redirect URL is as follows; 
https://www.redirecturl.com?id=226&reference=2e474cf19b71&internal_reference=DUSUPAY405GZM1G5JXGA71IK&status=COMPLETED&message=Transaction%20Completed%20Successfully&signature=c0K46co6bmQkoDW8XjEWQ7nBAteBo5E0HLKnLaJr8g5tQO2suVgB1gzp1y5fjCl8EOUt77hw9XealtkyBLk7VcYJoN6PVjxpHO3kCim_3rmWZqxhISy9jVnl03ZCz9GG7Tn4NS8PU14hgn9gF1wrfXMwUpiCezcVcBxg-m0L6XSqckLTudGTb7mJgIpYCRdrj2FbpFzhB1e2xCJ5NbSc4nXA9_XrylTnD1wiO_iFEkD5ZbaH-IfYnTN7SOt6slgvrgsMGe4PI2PiHSuW97xf21n4Lt0pB1MVpKYIA5CHJORvxv8yAxODJGnKT93VxjIdfFd1Kkh-QfkC4upyXBbPlJKmRAcaCcUgVYQccrbuEgZ_ouVLdyo6h1q4-l7AKKl7W0Nx-U_HbhpvAUCe4kLHX9CyeJgDA8xB1fkyVTbpBTbw4h0iTP_98VUy0jCMJMYWkObPLI9K1FMYFgfFgdDy6LMIPb4-dBlPkevH9ZIPKE2N60vQFd9zRH2-J8LGCemqncVZlbi6jIzmy1Z2ylPQ772-fhT9tPJGlMsPw7bLcsRrDGulwHgO1dxHXpKJcb0OjkIxlQgTfHqLyyuqgyWcJJkoAmWMwmtnhIdJUmiD7V_UdZ3lLVP52VhEUqJhlWzVX7AmvK00WUkffut8uqgAqKbsSwgPEffp6RZxPvjJJAA
The signature string used in the example is valid and you can test verification with it. You can directly copy it from the section below
c0K46co6bmQkoDW8XjEWQ7nBAteBo5E0HLKnLaJr8g5tQO2suVgB1gzp1y5fjCl8EOUt77hw9XealtkyBLk7VcYJoN6PVjxpHO3kCim_3rmWZqxhISy9jVnl03ZCz9GG7Tn4NS8PU14hgn9gF1wrfXMwUpiCezcVcBxg-m0L6XSqckLTudGTb7mJgIpYCRdrj2FbpFzhB1e2xCJ5NbSc4nXA9_XrylTnD1wiO_iFEkD5ZbaH-IfYnTN7SOt6slgvrgsMGe4PI2PiHSuW97xf21n4Lt0pB1MVpKYIA5CHJORvxv8yAxODJGnKT93VxjIdfFd1Kkh-QfkC4upyXBbPlJKmRAcaCcUgVYQccrbuEgZ_ouVLdyo6h1q4-l7AKKl7W0Nx-U_HbhpvAUCe4kLHX9CyeJgDA8xB1fkyVTbpBTbw4h0iTP_98VUy0jCMJMYWkObPLI9K1FMYFgfFgdDy6LMIPb4-dBlPkevH9ZIPKE2N60vQFd9zRH2-J8LGCemqncVZlbi6jIzmy1Z2ylPQ772-fhT9tPJGlMsPw7bLcsRrDGulwHgO1dxHXpKJcb0OjkIxlQgTfHqLyyuqgyWcJJkoAmWMwmtnhIdJUmiD7V_UdZ3lLVP52VhEUqJhlWzVX7AmvK00WUkffut8uqgAqKbsSwgPEffp6RZxPvjJJAA
1.Form the string payload to be used in the signature verification. This is obtained by concatenating values of the redirect data in the format; id:internal_reference:status:redirect_url where redirect_url is the value you set for the redirect_url parameter when making the initial collection request in this case, that value is https://www.redirecturl.com
2. The string payload in our example would therefore be the following;
226:DUSUPAY405GZM1G5JXGA71IK:COMPLETED:https://www.redirecturl.com
​
3. Download the public key and store it in a file as described here.
4. Use the stored public key to verify the signature as described in the sample source codes below
JavaScript
PHP
const crypto = require('crypto');
const fs = require('fs');
​
function isValidSignature() {
 const strPayload = "226:DUSUPAY405GZM1G5JXGA71IK:COMPLETED:https://www.redirecturl.com";
 const signature = "signature-from-query-params";
 const publicKeyFile = "path-to-file/dusupay.public.key.pem";
 const publicKey = fs.readFileSync(publicKeyFile).toString().replace(/\\n/g, '\n');
​
 const verify = crypto.createVerify("SHA512");
 verify.write(strPayload);
 verify.end();
​
 /*true or false*/
 return verify.verify(publicKey, signature, 'base64');
}
<?php
​
public function isValidSignature() {
 $file = "path-to-file/dusupay.public.key.pem";
 $keyContent = file_get_contents($file);
 $publicKey = openssl_get_publickey($keyContent);
 $strPayload = "226:DUSUPAY405GZM1G5JXGA71IK:COMPLETED:https://www.redirecturl.com";
 $signature = base64_decode("signature-from-query-params");
​
 /*true or false*/
 return openssl_verify($strPayload, $signature, $publicKey) == 1;
}
​
?>

Webhook Trigger

Next - FAQ's

Webhook hash

Last modified 2yr ago

Parameter	Type	Description
id	integer	The transaction ID generated by DusuPay
reference	string	The merchant reference for this particular transaction
internal_reference	string	The internal reference generated by DusuPay for this transaction
status	string	The transaction status. Values can be one of; PENDING, CANCELLED, FAILED or COMPLETED. These are described here
message	string	The message describing the status
signature	string	The RSA signature generated by DusuPay. This can optionally be verified by the merchant to ensure that the redirect comes from DusuPay before giving value/service to the customer