Merchant Redirect

The structure

At our end, we append the redirect parameters to the URL that's set in the initial collection request by you. The final redirect URL would look like the following;

https://redirect_url?id=&merchant_reference=&kitegateway_reference=&status=&message=&signature=

redirect_url

It must be secured by SSL. ie, it must start with https://

Description of the query parameters that we append

Parameter

Type

Description

string

The transaction ID of the transaction

merchant_reference

string

Your generated merchant transaction id for the transaction

kitegateway_reference

string

The Kitegateway payment reference of the transaction

status

string

The transaction status. Values can be one of;

PENDING - When a payment is in the queue for processing, CANCELLED - If a customer cancels a payment,

FAILED - When a payment fails for some reason

COMPLETED - When a payment is successfully completed

message

string

Information describing the status of the transaction

signature

string

The RSA signature generated by Kitegateway. This can optionally be verified by the merchant to ensure that the redirect comes from Kitegateway before providing service to the customer

1. We strongly recommend you check for the availability of these parameters in the URL and also confirm that the references correspond to the data available in your application.

2. Further we assert that you should verify the signature so that you are sure that the request is coming from our servers. This way the legitimacy of the redirect is affirmed.

How to verify redirect signature (Optional)

This section describes the steps taken to verify the signature using sample query parameters. Assume that the redirect URL is as follows;

https://your.redirecturl?id=8828827777762662662662&merchant_reference=merc-19928288-282772&kitegateway_reference=PL4889KJSuSUUSH&status=COMPLETED&message=Transaction%20Completed%20Successfully&signature=c0K46co6bmQkoDW8XjEWQ7nBAteBo5

Form the string payload to be used in the signature verification. This is obtained by concatenating values of the redirect data in the format; id:merchant_reference:kitegateway_reference:status:redirect_url where redirect_url is the value you specified for the redirect_url parameter when making the initial collection request.
The string payload in our example would therefore be the following;

2888377377379926:MERC-6778J-KL8UN:PL377399-KTHHSH-888766:COMPLETED:https://your-redirecturl

3. Download the public key as described here.

4. Use the public key to verify the signature as described in the sample source code below

const crypto = require('crypto');
const fs = require('fs');

function isSignatureValid() {
    const strPayload = "2888377377379926:MERC-6778J-KL8UN:PL377399-KTHHSH-888766:COMPLETED:https://your-redirecturl";
    const signature = "signature-from-query-params";
    const publicKeyFile = "path-to-file/kitegateway.public.key.pem";
    const publicKey = fs.readFileSync(publicKeyFile).toString().replace(/\\n/g, '\n');

    const verify = crypto.createVerify("SHA512");
    verify.write(strPayload);
    verify.end();

    // true or false
    return verify.verify(publicKey, signature, 'base64');
}

<?php
public function isSignatureValid() {
    $file = "path-to-file/kitegateway.public.key.pem";
    $keyContent = file_get_contents($file);
    $publicKey = openssl_get_publickey($keyContent);
    $strPayload = "2888377377379926:MERC-6778J-KL8UN:PL377399-KTHHSH-888766:COMPLETED:https://your-redirecturl";
    $signature = base64_decode("signature-from-query-params");

    // true or false
    return openssl_verify($strPayload, $signature, $publicKey, OPENSSL_ALGO_SHA512) == 1;
}

?>

PreviousCrypto Payment NextRefund post request

Last updated 3 months ago