For all Bank, Card and Crypto collection requests, a redirect URL is a mandatory parameter. This is the URL that DusuPay redirects to when the status of the transaction changes. Details follow..
Redirect URL Structure
The final redirect URL would look like the following. DusuPay basically appends the redirect parameters to the URL that's set in the initial collection request
Below is a description of all the query parameters that DusuPay appends
Parameter
Type
Description
id
integer
The transaction ID generated by DusuPay
reference
string
The merchant reference for this particular transaction
internal_reference
string
The internal reference generated by DusuPay for this transaction
status
string
message
string
The message describing the status
signature
string
The RSA signature generated by DusuPay. This can optionally be verified by the merchant to ensure that the redirect comes from DusuPay before giving value/service to the customer
We strongly recommend that merchants check for the availability of these parameters in the URL and also confirm that the references correspond to the data already available in their systems. This is one other way to ascertain the legitimacy of the redirect
Redirect Signature Verification (Optional)
This section describes the steps taken to verify the signature using sample query parameters. Assume that the redirect URL is as follows;
Form the string payload to be used in the signature verification. This is obtained by concatenating values of the redirect data in the format; id:internal_reference:status:redirect_url where redirect_url is the value you set for the redirect_url parameter when making the initial collection request in this case, that value is https://www.redirecturl.com
2. The string payload in our example would therefore be the following;
3. Download the public key and store it in a file as described here.
4. Use the stored public key to verify the signature as described in the sample source codes below
constcrypto=require('crypto');constfs=require('fs');functionisValidSignature() {conststrPayload="226:DUSUPAY405GZM1G5JXGA71IK:COMPLETED:https://www.redirecturl.com";constsignature="signature-from-query-params";constpublicKeyFile="path-to-file/dusupay.public.key.pem";constpublicKey=fs.readFileSync(publicKeyFile).toString().replace(/\\n/g,'\n');constverify=crypto.createVerify("SHA512");verify.write(strPayload);verify.end();/*true or false*/returnverify.verify(publicKey, signature,'base64');}