Card Notification
Card Transaction Failed
After a failed payment, the platform sends a notification to the merchant via the configured webhook. If delivery fails, it will retry 8 times at intervals of 5s, 20s, 1m, 5m, 30m, 2h, 24h.
WEBHOOK
Authorizations
Request Signing
Request signing is used to verify the integrity of messages between the platform and merchants. Signing occurs in two scenarios:
- The merchant server signs requests sent to the PayLoco open platform;
- The PayLoco platform signs asynchronous notifications sent to merchants. PayLoco requires RSA private key signing and RSA public key verification. Developers must use the merchant private key to sign outgoing requests (scenario 1) and the PayLoco public key to verify incoming notifications (scenario 2).
Signing rules:
- Sign
request.bodyusing the merchant private key (SHA256WithRSA: compute SHA-256 hash, then RSA-encrypt with private key to produce the digital signature);
Signature signature = Signature.getInstance("SHA256withRSA");
signature.initSign(privateKey);
// When computing SHA256withRSA, convert byte stream with UTF-8 encoding to avoid incorrect signatures for Chinese parameters
signature.update(request.body);
byte[] signedHash = signature.sign();- Base64-encode the signed result;
String signature = Base64.getEncoder().encodeToString(signedHash);- Place the encoded value in the
signaturerequest header. Note: signing applies to request.body. When request.body is empty (e.g. query requests), no signature is required.
Body
application/json
Merchant ID
Example:
"acct_pIlscIfSOmirDp2SWk-vcQ"
Creation time in RFC3339 format: yyyy-MM-ddTHH:mm:ss.SSSXXX
Example:
"2024-05-24T14:29:32.682+08:00"
Unique identifier for the transaction
Example:
"6c2dc266-09ad-4235-b61a-767c7cd6d6ea"
Message subscription name
Example:
"issuing.transaction.failed"
Version
Example:
"2019-09-09"