Merchant Redirect
For all Bank, Card and Crypto collection requests, a redirect URL is a mandatory parameter. This is the URL that DusuPay redirects to when the status of the transaction changes. Details follow..
The final redirect URL would look like the following. DusuPay basically appends the redirect parameters to the URL that's set in the initial collection request
https://redirect_url?id=&reference=&internal_reference=&status=&message=&signature=
Below is a description of all the query parameters that DusuPay appends
Parameter | Type | Description |
id | integer | The transaction ID generated by DusuPay |
reference | string | The merchant reference for this particular transaction |
internal_reference | string | The internal reference generated by DusuPay for this transaction |
status | string | The transaction status. Values can be one of; PENDING, CANCELLED, FAILED or COMPLETED. These are described here |
message | string | The message describing the status |
signature | string | The RSA signature generated by DusuPay. This can optionally be verified by the merchant to ensure that the redirect comes from DusuPay before giving value/service to the customer |
We strongly recommend that merchants check for the availability of these parameters in the URL and also confirm that the references correspond to the data already available in their systems. This is one other way to ascertain the legitimacy of the redirect
This section describes the steps taken to verify the signature using sample query parameters. Assume that the redirect URL is as follows;
https://www.redirecturl.com?id=226&reference=2e474cf19b71&internal_reference=DUSUPAY405GZM1G5JXGA71IK&status=COMPLETED&message=Transaction%20Completed%20Successfully&signature=c0K46co6bmQkoDW8XjEWQ7nBAteBo5E0HLKnLaJr8g5tQO2suVgB1gzp1y5fjCl8EOUt77hw9XealtkyBLk7VcYJoN6PVjxpHO3kCim_3rmWZqxhISy9jVnl03ZCz9GG7Tn4NS8PU14hgn9gF1wrfXMwUpiCezcVcBxg-m0L6XSqckLTudGTb7mJgIpYCRdrj2FbpFzhB1e2xCJ5NbSc4nXA9_XrylTnD1wiO_iFEkD5ZbaH-IfYnTN7SOt6slgvrgsMGe4PI2PiHSuW97xf21n4Lt0pB1MVpKYIA5CHJORvxv8yAxODJGnKT93VxjIdfFd1Kkh-QfkC4upyXBbPlJKmRAcaCcUgVYQccrbuEgZ_ouVLdyo6h1q4-l7AKKl7W0Nx-U_HbhpvAUCe4kLHX9CyeJgDA8xB1fkyVTbpBTbw4h0iTP_98VUy0jCMJMYWkObPLI9K1FMYFgfFgdDy6LMIPb4-dBlPkevH9ZIPKE2N60vQFd9zRH2-J8LGCemqncVZlbi6jIzmy1Z2ylPQ772-fhT9tPJGlMsPw7bLcsRrDGulwHgO1dxHXpKJcb0OjkIxlQgTfHqLyyuqgyWcJJkoAmWMwmtnhIdJUmiD7V_UdZ3lLVP52VhEUqJhlWzVX7AmvK00WUkffut8uqgAqKbsSwgPEffp6RZxPvjJJAA
The signature string used in the example is valid and you can test verification with it. You can directly copy it from the section below
c0K46co6bmQkoDW8XjEWQ7nBAteBo5E0HLKnLaJr8g5tQO2suVgB1gzp1y5fjCl8EOUt77hw9XealtkyBLk7VcYJoN6PVjxpHO3kCim_3rmWZqxhISy9jVnl03ZCz9GG7Tn4NS8PU14hgn9gF1wrfXMwUpiCezcVcBxg-m0L6XSqckLTudGTb7mJgIpYCRdrj2FbpFzhB1e2xCJ5NbSc4nXA9_XrylTnD1wiO_iFEkD5ZbaH-IfYnTN7SOt6slgvrgsMGe4PI2PiHSuW97xf21n4Lt0pB1MVpKYIA5CHJORvxv8yAxODJGnKT93VxjIdfFd1Kkh-QfkC4upyXBbPlJKmRAcaCcUgVYQccrbuEgZ_ouVLdyo6h1q4-l7AKKl7W0Nx-U_HbhpvAUCe4kLHX9CyeJgDA8xB1fkyVTbpBTbw4h0iTP_98VUy0jCMJMYWkObPLI9K1FMYFgfFgdDy6LMIPb4-dBlPkevH9ZIPKE2N60vQFd9zRH2-J8LGCemqncVZlbi6jIzmy1Z2ylPQ772-fhT9tPJGlMsPw7bLcsRrDGulwHgO1dxHXpKJcb0OjkIxlQgTfHqLyyuqgyWcJJkoAmWMwmtnhIdJUmiD7V_UdZ3lLVP52VhEUqJhlWzVX7AmvK00WUkffut8uqgAqKbsSwgPEffp6RZxPvjJJAA
- 1.Form the string payload to be used in the signature verification. This is obtained by concatenating values of the redirect data in the format;
id:internal_reference:status:redirect_urlwhere redirect_url is the value you set for the redirect_url parameter when making the initial collection request in this case, that value ishttps://www.redirecturl.com
2. The string payload in our example would therefore be the following;
226:DUSUPAY405GZM1G5JXGA71IK:COMPLETED:https://www.redirecturl.com
4. Use the stored public key to verify the signature as described in the sample source codes below
JavaScript
PHP
const crypto = require('crypto');
const fs = require('fs');
function isValidSignature() {
const strPayload = "226:DUSUPAY405GZM1G5JXGA71IK:COMPLETED:https://www.redirecturl.com";
const signature = "signature-from-query-params";
const publicKeyFile = "path-to-file/dusupay.public.key.pem";
const publicKey = fs.readFileSync(publicKeyFile).toString().replace(/\\n/g, '\n');
const verify = crypto.createVerify("SHA512");
verify.write(strPayload);
verify.end();
/*true or false*/
return verify.verify(publicKey, signature, 'base64');
}
<?php
public function isValidSignature() {
$file = "path-to-file/dusupay.public.key.pem";
$keyContent = file_get_contents($file);
$publicKey = openssl_get_publickey($keyContent);
$strPayload = "226:DUSUPAY405GZM1G5JXGA71IK:COMPLETED:https://www.redirecturl.com";
$signature = base64_decode("signature-from-query-params");
/*true or false*/
return openssl_verify($strPayload, $signature, $publicKey) == 1;
}
?>
Last modified 2yr ago