Redirects and Webhooks

Under this tab you will find critical integration settings needed to fully integrate your system with our payment gateway. We highly recommend you follow our best practices for the best integration process and for highest security.

Redirects

If you are using our Web Checkout integration users will be presented with our hosted checkout page to enter their payment details and complete the payment. The checkout process will either complete with a success or failed transaction. Redirects are URLs provided by you to forward users after the checkout process has been completed back to your website or application. You are prompted to provide us with a successful redirect URL for a successful payment and a failed redirect URL for a failed payment.

Webhook Configuration

Webhooks are the means by which our payment gateway notifies your backend of a payment event. Whenever a successful or failed payment occurs, we use a webhook to send you a notification of the event.

To set up a webhook make available a public HTTPS URL that receives our notifications. Enter the URL into the dashboard. Once entered, our system will send a POST request to your URL when any payment event occurs (successful, failed, cancelled). For webhook security we highly recommend adding a webhook secret key along with your webhook URL. Your webhook secret key will be used to generate a secure hash for you to verify on your server. Please choose a secret key with sufficient length! Our webhook request will contain a JSON body with the following format:

WEBHOOK REQUEST
JSON

Body:
{
  "clientReferenceId": <Your reference ID>, // Provided to us through our API
  "paymentReferenceId": 01JXF7HSW41P9FCG9YN6Z094XR, // Our payment reference ID
  "status": "SUCCESSFUL", //Could be any one of "SUCCCESSFUL", "FAILED" or "CANCELLED"
  "secretHash": "98f4df6803894eb875d62efeeb953bc2f170bfd93f5dd21128d514a9c01dba05"
  // SHA256(webhookSecret + status + clientReferenceId + paymentReferenceId)
}

For more information on implementing secure webhooks, we recommend reading:

Please make sure you are correctly authenticating all webhook requests using the bearer token! For additional security, we provide our public IP that you will receive notifications from. We highly recommend whitelisting our IP through your firewall!

After receiving a webhook notification, you can verify the payment status in the Transactions tab of your dashboard.

Critical: Webhooks are considered delivered provided your backend responds with a 2XX HTTP response. The request body is not taken into consideration! If a non 2XX response is provided, our system will retry the webhook for 24 hours until a successful response is achieved. Otherwise the transaction will be labeled as a dispute!

Related Documentation

System Overview

Understand YallaPay's payment system architecture and how different components interact. Learn about our payment flow, security measures, and integration options.

Web Checkout

Implement our hosted checkout solution for websites and mobile apps. Learn how to generate payment links, handle redirects, and process transactions using our web checkout API.

Direct API

Implement direct API integration for OTP payment methods. Learn the three-step process of obtaining payment intent, requesting OTP, and confirming payment with complete code examples.

Previous
Mobile SDK
Next
Checking Payment Status