Notifications
Learn about how to integrate notification interfaces provided by APO.
Features
The supported products and description of these notifications are shown in the following table:
Notification interfaces | Cashier Payment | Auto Debit | User-presented Mode Payment | Order Code Payment | Entry Code Payment | APO | Description |
✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | Send the payment result to you when the payment processing reaches a final state of success or failure. The parameter result.resultStatus indicates the payment result.
| |
✔️ | ❌ | ❌ | ❌ | ❌ | ✔️ | Send the capture result to you when the capture processing reaches a final state of success or failure. The parameter result.resultStatus indicates the capture result.
| |
❌ | ❌ | ❌ | ❌ | ❌ | ✔️ | Send the asset binding result information to you when asset binding reaches the final state of success or failure. The result.resultStatus field indicates the result of asset binding:
|
Table 1. Capabilities of notifications
Configure receiving address
You can configure the receiving address of each notification via an interface or in Antom Developer Center. If you use both ways to specify the address, the URL configured in the API takes precedence.
Notification interface | Configure in API | Configure in Antom Developer Center |
notifyPayment | Specify the paymentNotifyUrl field in the pay or createPaymentSession API. | Edit Notification URL in the Integration Settings tab of Antom Developer Center: Figure 1. Configure the receiving address in Antom Developer Center |
notifyCapture | Specify the paymentNotifyUrl field in the pay or createPaymentSession API. | |
notifyValuting | Specify the vaultingNotificationUrl field in the createValutingSession |
Table 2. Receiving address configuration
Process the notification
1. Verify the signature
The result notification from APO is signed by APO. It is recommended to verify the signature and check whether the notification is sent by APO. You can verify the signature by yourself or by using APO SDK.
To verify the signature by yourself, see Sign a request and validate the signature. To use APO SDK, specify the values for the corresponding parameters in the SignatureTool.verify method provided in SDKs:
boolean isSuccess = SignatureTool.verify(httpMethod, path, clientId, rspTimeStr, rspBody, signature, alipayPublicKey);
The value of signature is from the notification header. The following example shows a notification header:
"Content-Type": "application/json", "Request-Time": "2019-07-12T12:08:56+05:30", "client-id": "T_111222333", "Signature": "algorithm=RSA256,keyVersion=1,signature=jTOHqknjk%2fnDjEn8lfg%2beNODdoh2eHGJV%2blvrKaDwP782WxJ7ro49giqUu23MUM8sFVVNvhg32qHS3sd4O6uf5kAVLqztqNOPJFZcjw141EVi1vrs%2bIB4vU0%2fK%2f8z2GyWUByh2lHOWFsp%2b5QKCclXp%2bjacYqWYUur5IVbuebR1LoD5IiJ7u7J9qYriFxodkxmIAJYJyJs7mks2FWHh2YePLj3K%2f4B65idy7RBKqY1NN1XcvqnbQmlfCH8CIv75bg%2fr9sGmPE5a%2bYgL8N9Q41buGwMSq1IcNsbceMbyPhw5Z5HnJ7tPz12fvdSi0cEicPikDthQ2EQFmtpntXcAc%2fHA%3d%3d"
2. Return a receipt acknowledgment message
After verifying the signature and confirming that the notification is from APO, you need to return a receipt acknowledgment message to APO to inform APO of a successful receipt of the notification. No digital signature is required for the process of returning a receipt acknowledgment message.
The example below shows the header of the message you send to APO:
"Content-Type": "application/json", "response-time": "2019-07-12T12:08:56+05:30", "client-id": "T_111222333",
The example below shows the body of the message you send to APO:
{
"result": {
"resultCode": "SUCCESS",
"resultStatus": "S",
"resultMessage": "Success"
}
}
If no such message is returned to APO due to operation or network issues, APO will automatically resend the asynchronous notification within 24 hours for up to seven times or until the correct response is received. The sending intervals are as follows: 0 sec, 2 min, 10 min, 10 min, 1 h, 2 h, 6 h, and 15 h.
Note: Record the processed notifications received from APO for a payment request, and properly handle the idempotency to avoid processing a single request multiple times.