May Sale! All accounts are 40% off this week.

elo's avatar
elo
OP
6 years ago
Level 3

How to setup a callback API endpoint that recieves payment status from a payment gateway

I am trying to figure out how to setup a callback url to receive payment status from a payment gateway.

Here's a summary of the whole setup. I have built the backend (API endpoints) with Laravel 5.8 that will be consumed by a react app and a mobile app. Both apps will be using the payment gateway web and mobile sdks to initiate payment transactions.

Then the payment gateway should respond with a payment status by calling the callback api I need to set up.

This is my first attempt at doing something like this so pardon me if I am way off but here's what I have written

Callback endpoint

Route::post('order/payment/status', 'PaymentController@getStatus'); // receives payment status

PaymentController getstatus() method

public function getStatus(Request $request)
    {
        $paymentMethod          = $request->paymentMethod;
        $amount                 = $request->amount;
        $providerCode           = $request->provider;
        $customerName           = $request->customerName;
        $customerEmail          = $request->customerEmail;
        $paymentDescription     = $request->paymentDescription;
        $paymentStatus          = $request->paaymentStatus;
        $transactionReference   = $request->transactionReference;

        // update my record based on the paymentStatus
    }

Is this the proper way to do it? I feel like it should be a get request and not a post. Please help.

0 likes
1 reply
Braunson's avatar

I'm not sure what Payment Processor you are using but you would look at their dev docs to see what is being sent to your server when you provide them with a webhook. Are they providing a POST or GET request?

They should also provide you with some information as to what they are POSTing. Typically a webhook will be a POST especially when they are sending you a bunch of data.

So check your PP's dev docs to see what they send you and how. Outside of that it's up to you to do with the $request as you choose.

As an example, MailGun will POST to a webhook URL I provide. I used their docs to find out what they POST to me and I actually validate the incoming request (using custom Middleware) well I validate the signature included in the request.

So check the docs, and what you are provided with do what you need to with the $request :)

1 like

Please or to participate in this conversation.