Skip to main content
Payblis provides three types of callbacks:
  • Success URL (urlOK): Customer redirection after successful payment
  • Failure URL (urlKO): Customer redirection after failed payment
  • IPN URL (ipnURL): Server-to-server notification

IPN Security

All IPN notifications are signed with HMAC-SHA256. Verify the signature in the X-Payblis-Signature header or in JSON response.
Important Delete Signature before vérification.
PHP Implementation
// Get the signature from the header
$signature = $_SERVER['X-Payblis-Signature'] ?? '';

// Get the raw POST data
$payload = file_get_contents('php://input');

// Calculate the expected signature
$expectedSignature = hash_hmac('sha256', $payload, $your_secret_key);

// Compare signatures
if (!hash_equals($expectedSignature, $signature)) {
    http_response_code(400);
    die('Invalid signature');
}

// Process the IPN data
$data = json_decode($payload, true);

IPN Example

payment.success
{
    "event": "payment.success",
    "merchant_reference": "Order-xxxxxxx",
    "transaction_id": "PAYBxxxxxxx",
    "amount": "14.17",
    "status": "SUCCESS"
    "signature": "6d6c157467d30f54ef4cff0e2a4a3434ef8274cdca77c4bfa228af3d62847492"
}
payment.failed
{
    "event": "payment.failed",
    "merchant_reference": "1098",
    "transaction_id": "PAYB-FAILED-6818766989175",
    "amount": "10",
    "status": "FAILED"
    "signature": "6d6c157467d30f54ef4cff0e2a4a3434ef8274cdca77c4bfa228af3d62847492"
}