# Merchant Redirect

### The structure

We append the redirect parameters to the redirect URL that you set in the initial collection request. The final redirect URL looks like the following:

```http
https://redirect_url?id=&merchant_reference=&kitegateway_reference=&status=&message=&signature=
```

{% hint style="danger" %}

#### redirect\_url

It must be secured by **SSL**, i.e. it must start with **https\://**
{% endhint %}

Description of the query parameters that we append:

| Parameter              | Type   | Description                                                                                                                                                                                                                                                                                                                                                                                     |
| ---------------------- | ------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| id                     | string | The transaction ID of the transaction                                                                                                                                                                                                                                                                                                                                                           |
| merchant\_reference    | string | Your generated merchant transaction id for the transaction                                                                                                                                                                                                                                                                                                                                      |
| kitegateway\_reference | string | The Kitegateway payment reference of the transaction                                                                                                                                                                                                                                                                                                                                            |
| status                 | string | <p>The <a href="/pages/-MaF_pn4Gj5TUcr64FrZ">transaction status</a>. Values can be one of:</p><p><strong>PENDING</strong> - When a payment is in the queue for processing</p><p><strong>CANCELLED</strong> - If a customer cancels a payment</p><p><strong>FAILED</strong> - When a payment fails for some reason</p><p><strong>COMPLETED</strong> - When a payment is successfully completed</p> |
| message                | string | Information describing the status of the transaction                                                                                                                                                                                                                                                                                                                                            |
| signature              | string | The RSA signature generated by **Kitegateway**. This can optionally be verified by the merchant to ensure that the redirect comes from **Kitegateway** before providing service to the customer                                                                                                                                                                                                 |

{% hint style="warning" %}
1\. We strongly recommend that you check that these parameters are present in the URL and confirm that the references correspond to the data available in your application.

2\. Furthermore, you should verify the signature so that you are sure that the request is coming from our servers. This way the legitimacy of the redirect is affirmed.
{% endhint %}

### How to verify redirect signature (Optional)

This section describes the steps taken to verify the signature using sample query parameters. Assume that the redirect URL is as follows:

```http
https://your.redirecturl?id=8828827777762662662662&merchant_reference=merc-19928288-282772&kitegateway_reference=PL4889KJSuSUUSH&status=COMPLETED&message=Transaction%20Completed%20Successfully&signature=c0K46co6bmQkoDW8XjEWQ7nBAteBo5
```

1. Form the string payload to be used in the signature verification. This is obtained by concatenating the values of the redirect data in the format `id:merchant_reference:kitegateway_reference:status:redirect_url`, where redirect\_url is the value you specified for the **redirect\_url** parameter when making the initial collection request.
2. The string payload in our example would therefore be the following:

```bash
2888377377379926:MERC-6778J-KL8UN:PL377399-KTHHSH-888766:COMPLETED:https://your-redirecturl
```

3. Download the public key as described [here](/receiving-money/direct-card-payment.md#2-downloading-public-key).

4. Use the public key to verify the signature as described in the sample source code below.

{% tabs %}
{% tab title="JavaScript" %}

```javascript
const crypto = require('crypto');
const fs = require('fs');

function isSignatureValid() {
    const strPayload = "2888377377379926:MERC-6778J-KL8UN:PL377399-KTHHSH-888766:COMPLETED:https://your-redirecturl";
    const signature = "signature-from-query-params";
    const publicKeyFile = "path-to-file/kitegateway.public.key.pem";
    const publicKey = fs.readFileSync(publicKeyFile).toString().replace(/\\n/g, '\n');

    const verify = crypto.createVerify("SHA512");
    verify.write(strPayload);
    verify.end();

    // true or false
    return verify.verify(publicKey, signature, 'base64');
}
```

{% endtab %}

{% tab title="PHP" %}

```php
<?php
// Declared as a plain function; add "public" only when placing it inside a class.
function isSignatureValid() {
    $file = "path-to-file/kitegateway.public.key.pem";
    $keyContent = file_get_contents($file);
    $publicKey = openssl_get_publickey($keyContent);
    $strPayload = "2888377377379926:MERC-6778J-KL8UN:PL377399-KTHHSH-888766:COMPLETED:https://your-redirecturl";
    // The signature arrives base64-encoded in the query string
    $signature = base64_decode("signature-from-query-params");

    // openssl_verify returns 1 when valid, 0 when invalid, -1 or false on error
    return openssl_verify($strPayload, $signature, $publicKey, OPENSSL_ALGO_SHA512) === 1;
}

?>
```

{% endtab %}
{% endtabs %}
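The following is an added example, not Kitegateway's own code, that combines the checks recommended above with steps 1 to 4: it parses the incoming redirect, confirms the parameters are present and match the stored transaction, rebuilds the payload from the stored redirect\_url and verifies the signature. The key pair is generated locally as a stand-in for Kitegateway's key, and the `order` record and the function names are hypothetical.

```javascript
const crypto = require('crypto');

// Constructed stand-in for Kitegateway's key pair so the example runs offline.
// In production you only hold the downloaded public key (PEM).
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });

const FIELDS = ['id', 'merchant_reference', 'kitegateway_reference', 'status'];
const STATUSES = ['PENDING', 'CANCELLED', 'FAILED', 'COMPLETED'];

// Payload format from step 1: id:merchant_reference:kitegateway_reference:status:redirect_url
function buildPayload(p, redirectUrl) {
    return [...FIELDS.map((f) => p[f]), redirectUrl].join(':');
}

// `order` is a hypothetical record your application stored when it made the
// collection request: { merchantReference, redirectUrl }. `key` is a PEM string or KeyObject.
function checkRedirect(incomingUrl, order, key) {
    const q = new URL(incomingUrl).searchParams;
    const p = {};
    for (const f of [...FIELDS, 'message', 'signature']) {
        const v = q.get(f);
        if (!v) return { ok: false, reason: `missing ${f}` };
        p[f] = v;
    }
    if (!STATUSES.includes(p.status)) return { ok: false, reason: 'unknown status' };
    if (p.merchant_reference !== order.merchantReference) {
        return { ok: false, reason: 'reference mismatch' };
    }
    // Use the redirect_url you stored, never one derived from the incoming request.
    const payload = buildPayload(p, order.redirectUrl);
    const valid = crypto.createVerify('SHA512').update(payload)
        .verify(key, p.signature, 'base64');
    return valid ? { ok: true, status: p.status } : { ok: false, reason: 'bad signature' };
}

// Constructed redirect, signed with the stand-in private key.
function sampleRedirect(overrides = {}) {
    const order = { merchantReference: 'MERC-6778J-KL8UN', redirectUrl: 'https://your-redirecturl' };
    const p = { id: '2888377377379926', merchant_reference: order.merchantReference,
        kitegateway_reference: 'PL377399-KTHHSH-888766', status: 'COMPLETED' };
    const signature = crypto.createSign('SHA512').update(buildPayload(p, order.redirectUrl))
        .sign(privateKey, 'base64');
    const qs = new URLSearchParams({ ...p, message: 'Transaction Completed Successfully',
        signature, ...overrides });
    return { order, url: `${order.redirectUrl}?${qs}` };
}
```

The payload format in step 1 does not include `message`, so a valid signature says nothing about that parameter; treat it as untrusted display text.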

