Validating the Callback Notification

Code Example: Node.js

This example code showcases how you can validate a callback notification in Node.js. This exact example can be tested in your environment. 

const YOUR_SECRET = 'MWYBMTsGIQJJD4ejB6eMpk8nbAraVydZ' // Replace this with your secret

const CALLBACK_BODY = { 
  "signature": "e1ca4421621c4d795fe3612b1044634595c52ebe1c52225573c310741c9d47b6", // The signature in the callback body
  "data": { 
    "client": { 
      "name": "Optional Customer Name", 
      "email": "[email protected]", 
      "phone": "+18001234567", 
      "referenceID": "123test" 
    }, 
    "paidAmount": 0.1, 
    "subTotal": 0.1, 
    "total": 0.1, 
    "partialPaymentsEnabled": false, 
    "currency": "USDC", 
    "completed": true, 
    "description": "Optional Order Description", 
    "transactions": [
      { 
        "tx": "0xd1c7fe2821a9df5240f3d31e570a760322fa979f84c0655a8f9f857023e7064f", 
        "sender": "0x2F67f1426f33E25A920F0b2139cd460fDfb8997C", 
        "amount": 0.09999999999999999, 
        "cryptoAmount": 100000, 
        "timestamp": "2024-09-05T21:00:27.000Z", 
        "network": "MATIC_POLYGON" 
      }
    ], 
    "createdAt": "2024-09-05T20:59:47.429Z",
    "merchant": { 
      "name": "Business Name", 
      "initiator": "Internal Test POS API 1" 
    }, 
    "id": "66da1bc34f03a871430c1a71" 
  } 
};

/* Callback Validation Logic */

const { createHash } = require('node:crypto'); // createHash is a built-in Node.js module that allows you to create a hash of a string

function createSHA256Hash(object, str) {
  // Convert the object to a string
  const objectString = JSON.stringify(object);

  // Combine the object string and the additional string. Note: The order of the strings is important
  const combinedString = objectString + str;

  // Create a SHA-256 hash
  const hash = createHash('sha256').update(combinedString).digest('hex'); // The digest method is used to return the value of the hash in hexadecimal format

  return hash;
}

// Create a signature using the callback body and your secret
const signature = createSHA256Hash(
  CALLBACK_BODY.data,
  YOUR_SECRET
);

// Compare the signature with the signature in the callback body
if (signature == CALLBACK_BODY.signature) {
  console.log('Match'); // If the signatures match, the callback is valid
} else {
  console.log('Does not match'); // If the signatures do not match, the callback is invalid
}

PreviousCallback Notifications

Last updated