Re-query Payment
Re-query the payment with xpresspay.
After the user has successfully paid, you need to verify that the payment was successful with Xpresspay before giving value to your customer on your website.
Although the Xpresspay inline already verifies the payment from the client side, we strongly recommend you still do a server-side verification to be double sure no foul play occurred during the payment flow.
Below are the important things to check for when validating the payment:
Verify the transaction reference.
Verify the data.paymentResponseCode of the transaction to be successful(000).
Verify the currency to be the expected currency
Most importantly validate the amount paid to be equal to or at least greater than the amount of the value to be given.
Below are sample code snippets showing how to implement server-side validation in different programming languages
Replace the url when pointing live to https://api.xpresspayonline.com/v1/payments/query
Replace when pointing to live from
https://xpresspayonlineapisandbox.xpresspayments.com/v1/payments/query
to
https://api.xpresspayonline.com/v1/payments/query
curl --request POST \
--url https://xpresspayonlineapisandbox.xpresspayments.com/v1/payments/query \
--header 'content-type: application/json' \
--data '{"publicKey": "<YOUR PUBLIC KEY>", "transactionId": "<YOUR TRANSACTION ID>"}'
<?php
$result = array();
$postdata = array(
'publicKey' => 'XPPUBK-ead4d14d9ded04aer5d5b63a0a06d2f-X',
'transactionId' => 'MXX-ASC-4578'
);
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,"https://xpresspayonlineapisandbox.xpresspayments.com/v1/payments/query");
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS,json_encode($postdata)); //Post Fields
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$headers = [
'Content-Type: application/json',
];
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
$request = curl_exec ($ch);
$err = curl_error($ch);
if($err){
// there was an error contacting xpresspayonline
die('Curl returned error: ' . $err);
}
curl_close ($ch);
$result = json_decode($request, true);
if('null' != $result->error){
// there was an error from the API
die('API returned error: ' . $result->message);
}
if('000' == $result->data->payment->paymentResponseCode){
// transaction was successful...
// please check other things like whether you already gave value for this ref
// If the amount and currency matches the expected amount and currency etc.
// if the email matches the customer who owns the product etc
// Give value
}
//Endpoint to verify transaction
private final String REQUERY_ENDPOINT = "https://xpresspayonlineapisandbox.xpresspayments.com/v1/payments/query";
/**
*
* Method to
*
* @param paymententity - <b>paymententity - set as a constant with default value as 1</b>
* @param transactionId - <b>transactionId - is the unique payment reference generated by the merchant.</b>
* @param publicKey - <b>publicKey - is the merchant public key</b>
* @param paymentType - <b>PaymentType - is the transaction payment type (CARD/ACCOUNT/QR/USSD/WALLET)</b>
* @return
* @throws UnirestException
*/
public JSONObject verify(String transactionId, String publicKey, double amount, String paymentType) throws UnirestException, Exception {
// This packages the payload
JSONObject data = new JSONObject();
data.put("transactionId", transactionId);
data.put("publicKey", publicKey)
// end of payload
// This sends the request to server with payload
HttpResponse<JsonNode> response = Unirest.post(REQUERY_ENDPOINT)
.header("Content-Type", "application/json")
.body(data)
.asJson();
// This get the response from payload
JsonNode jsonNode = response.getBody();
// This get the json object from payload
JSONObject responseObject = jsonNode.getObject();
// check of no object is returned
if(responseObject == null)
throw new Exception("No response from server");
// This get status from returned payload
String status = responseObject.optString("status", null);
String error = responseObject.optString("error", null);
// this ensures that status is not null
if(status == null)
throw new Exception("Transaction status unknown");
// This confirms the transaction exist on xpresspayonline
if(!"null".equalsIgnoreCase(error)){
String message = responseObject.optString("message", null);
throw new Exception(message);
}
data = responseObject.getJSONObject("data");
// This get the amount stored on server
double actualAmount = data.getDouble("amount");
// This validates that the amount stored on client is same returned
if(actualAmount != amount)
throw new Exception("Amount does not match");
// now you can give value for payment.
}
var data = new {transactionId = "MXX-ASC-4578", publicKey = "XPPUBK-e6db11d1f8a6208de8cb2f94e293450e-X"};
var client = new HttpClient();
client.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
var responseMessage = client.PostAsJsonAsync("https://xpresspayonlineapisandbox.xpresspayments.com/v1/payments/query", data).Result;
var responseStr = responseMessage.Content.ReadAsStringAsync().Result;
var response = Newtonsoft.Json.JsonConvert.DeserializeObject<ResponseData>(responseStr);
if (response.data.payment.paymentResponseCode == "000" && response.data.amount == amount )
{
System.Console.WriteLine("Payment Successful then give value");
}
Re-query Payment Response
{
"status": "SUCCESS",
"data": {
"payment": {
"paymentResponseCode": "000",
"paymentResponseMessage": "successful",
"uniqueKey": "6ce13c57aa",
"transactionId": "null-MXX1-QR-4578",
"deviceFingerPrint": "69e6b7f0sb72037aa8428b70fbe03986c",
"cycle": "one-time",
"amount": "300",
"currency": "NGN",
"chargedAmount": "300",
"appFee": "4.2",
"merchantFee": "0",
"merchantBearsFee": "1",
"chargeCode": "00",
"chargeMessage": "QR GENERATED. PENDING VALIDATION",
"authModel": "MVISA-QR",
"ip": "103.238.105.185",
"narration": "Xpress Payments",
"status": "successful",
"vbvCode": "N/A",
"vbvMessage": "N/A",
"authUrl": "NO-URL",
"accountCode": "00",
"accountMessage": "successful",
"paymentType": "mvisa-qr",
"paymentId": "118",
"fraudStatus": "ok",
"chargeType": "normal",
"createdDay": "1",
"createdDayName": "MONDAY",
"createdWeek": "5",
"createdMonth": "0",
"createdMonthName": "JANUARY",
"createdQuarter": "1",
"createdYear": "2019",
"createdYearIsLeap": "false",
"createdDayIsPublicHoliday": "0",
"createdHour": "11",
"createdMinute": "8",
"createdPmAm": "am",
"created": null,
"customerId": "79997",
"customerPhone": "090882232",
"customerNetworkProvider": "UNKNOWN PROVIDER",
"customerName": "Ade Test",
"customerEmail": "[email protected]",
"customerEmailProvider": "COMPANY EMAIL",
"customerCreated": "2019-01-28T10:48:51.000Z",
"accountId": "509",
"accountBusinessName": "Xpress Payments",
"accountContactPerson": "Taofeek Gidado",
"accountCountry": "NG",
"accountBearsFeeAtTransactionTime": "1",
"accountParent": "1",
"accountVpcMerchant": "N/A",
"accountAlias": null,
"accountIsLiveApproved": "0",
"orderReference": "RV46FDC384C30FE0",
"paymentPlan": null,
"paymentPage": null,
"accountNumber": null,
"bankCode": null,
"firstName": null,
"lastName": null,
"accountIsBlackListed": null,
"accountToken": null,
"createdAt": "2019-01-28T11:35:32.61",
"updatedAt": "2019-01-28T13:03:16.752"
}
}
}
Updated over 4 years ago
What’s Next