Skip to main content

Frontend Page Notification

The system delivers payment results to the merchant’s specified page via a synchronous redirect. 
Important Notes:
• When your system receives a notification, first check the current status of the corresponding business data.
• If not yet processed, proceed with processing. If already processed, return a success response immediately.
• Before checking or updating business data status, apply a data lock for concurrency control to prevent data inconsistency caused by function re-entry.

Special Notice:
Merchants must perform signature verification on all notification content and validate that the notification data matches the merchant's own records. This prevents "forged notifications" caused by data leaks that could lead to financial loss.

Interface Overview

Request Method: POST Redirect URL: This URL is set via the redirectUrl parameter in the order creation request. It must be an HTTPS URL. Ensure the redirect URL is publicly accessible and does not contain query string parameters — otherwise the merchant may not receive the notification correctly. Example: https://pay.example.com/return/success

Notification Rules

After the user completes payment, PayLoco sends the payment result and user information to the merchant by redirecting to the configured page. The merchant’s page must be able to receive and process this data.

Notification Payload

The payment result notification accesses the merchant’s configured redirect URL using the HTTP POST method. Notification data is transmitted as form fields in the request body and includes the encrypted payment result details.

Callback Overview

Callback messages are used to deliver transaction event notifications, such as payment completions and transfers.

Callback Message Format

  • All callback messages use HTTP POST as an HTML form submission (application/x-www-form-urlencoded).
  • Callback messages include a signature. Merchants must verify the request signature. See Signature Verification for details.

Notification Payload Example

<html>
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
  </head>
  <body>
    <form id="form" action="https://xx/xx" method="post">
      <input type="hidden" name="traceId" id="traceId" value="123123456" />
      <input type="hidden" name="orderAmount" id="orderAmount" value="5.00" />
      <input type="hidden" name="merchantId" id="merchantId" value="123456789123" />
      <input type="hidden" name="orderId" id="orderId" value="123456789123" />
      <input type="hidden" name="signature" id="signature" value="RpP2NvrwDMobWS6pRr4=" />
      <input type="hidden" name="payMethod" id="payMethod" value="UNIONPAY" />
      <input type="hidden" name="errCode" id="errCode" value="00000000" />
      <input type="hidden" name="currency" id="currency" value="HKD" />
      <input type="hidden" name="merchantOrderId" id="merchantOrderId" value="123456789" />
      <input type="hidden" name="errMessage" id="errMessage" value="Success" />
      <input type="hidden" name="status" id="status" value="SUCCESS" />
    </form>
  </body>
</html>

Signing Rules

  1. Fields included in the signature: All fields except signature are included. Sort fields alphabetically by field name, then serialize to a JSON string before signing.
  2. Signing algorithm: SHA256WithRSA.
  3. Signature rules: Refer to the Signing Tool documentation.