Notifications on Callback URL
The merchant will receive notifications on the Callback URL with the final payment response, which contains the transaction status and relevant details (e.g., qrStatus
, payId
, amount
, etc).
Based on these notifications, the merchant must ensure the delivery of the service or product to the buyer.
A notification is considered successfully received if the merchant’s server responds with HTTP status code 200 OK.
Notification structure (Example)
Signature validation
To verify the integrity and authenticity of the received data, the Merchant must validate the signature
field from the result
object using the following algorithm:
Alphabetically sort all fields in the
result
object, excluding thesignature
field.Ignore fields that have a
null
value or an empty string (""
). These fields should be excluded entirely from the signature generation process, as if they do not exist.Format amount fields (
amount
,commission
) using exactly two decimal places (e.g.,0.50
,2.31
) before concatenation.Concatenate the remaining parameter values using a colon (
:
) as a separator, in the sorted order.Append the Signature Key (available in the project settings in maibmerchants) to the end of the concatenated string.
Generate a SHA-256 hash in binary format from the resulting string.
Encode the binary hash using Base64 (or another format as specified in the official QR MIA documentation).
Compare the resulting encoded signature with the
signature
value received in the notification.
Signature validation example
Recommendations
Ensure that your server is accessible from maib IPs to receive the notifications.
Respond with HTTP status 200 OK only after successfully verifying the signature.
In case of errors or invalid signature, respond with a status code different from 200 to force the notification to be resent.
Last updated