Skip to main content

Integration Best Practices

Signature Verification to avoid data tampering

This is a mandatory step to confirm the authenticity of the details returned to you on the return URL for successful payments.

  1. Convert the response received on the return URL into a string (remove secret and secret type params)
  2. Sort the string alphabetically
  3. Hash the payload with your secret key using SHA256
  4. Match the generated signature with the one received in the response from Plural

For detailed guides on Signature verification steps for each API refer to the Signature Verification section of the API guides. For Accept Payments
For Inquiry and Refunds API
For Webhooks

Check payment status before providing services

Check if the payment status is in the success state .i.e. : "ppc_Parent_TxnStatus = 4" and "ppc_ParentTxnResponseCode = 1" before providing the services to the customers

  1. One Inquiry API call (Fetch payment using "ppc_UniqueMerchantTxnID") right after the Transaction
  2. Run Inquiry API periodically for the payments in initiated state

Webhook Implementation

Implement webhooks to avoid call-back failures (drop offs due to connectivity/network issues)

  1. Payment.captured
  2. Payment.failed

TLS Version

We support "TLS_v_1.2" and above which is strongly recommended. Kindly ensure you are using higher TLS versions to avoid any transaction failures

Note

  1. In UAT, only CC/DC, Net banking (via IDBI), and EMI can be tested.
  2. Production credentials will be provided post UAT sign-off to test all flows in the soft production environment before go live.
  3. Return URL and Webhook URL to be shared before go-live for configuration and whitelisting at Pine's end.