Handling Webhooks

PhonePe can now internally configure callback URLs, along with a username and password with SHA256, for sending S2S responses to merchants, based on the merchant's request. (Currently this is available only in the production environment; in the sandbox environment, merchants still need to pass the callback URL in the API headers for testing.) Once the username and password are configured, PhonePe will pass the same SHA256(username:password) as the “Authorization” header in the S2S response, and merchants can verify that it matches their configured value.

Callback Types

  • PG_ORDER_COMPLETED
  • PG_ORDER_FAILED
  • PG_REFUND_ACCEPTED
  • PG_REFUND_COMPLETED
  • PG_REFUND_FAILED
  • PG_TRANSACTION_ATTEMPT_FAILED

PhonePe will pass the authorization header as:

Authorization : SHA256(username:password)

Callback Validation/Verification flow for merchants

For each incoming request, extract the basic authorization header “Authorization”, verify it against the one you have shared with us, and accept the response if the username and password match.
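One way to implement this check, as an added example (not PhonePe's own code). It assumes the header carries the hex-encoded SHA-256 digest of `username:password`; the page does not state the encoding, so confirm it against a real callback. The function names and sample values are hypothetical.

```python
import hashlib
import hmac
import json

# Callback types listed on this page.
CALLBACK_TYPES = {
    "PG_ORDER_COMPLETED", "PG_ORDER_FAILED", "PG_REFUND_ACCEPTED",
    "PG_REFUND_COMPLETED", "PG_REFUND_FAILED", "PG_TRANSACTION_ATTEMPT_FAILED",
}


def expected_authorization(username: str, password: str) -> str:
    """SHA256(username:password); hex encoding is an assumption."""
    return hashlib.sha256(f"{username}:{password}".encode("utf-8")).hexdigest()


def verify_callback(headers: dict, body: bytes, username: str, password: str):
    """Return the parsed callback if the header matches, else None."""
    # HTTP header names are case-insensitive.
    received = next((v for k, v in headers.items()
                     if k.lower() == "authorization"), None)
    if not received:
        return None
    expected = expected_authorization(username, password)
    # Constant-time comparison avoids leaking how many characters matched.
    if not hmac.compare_digest(received.strip().lower().encode(), expected.encode()):
        return None
    # Parse the body only after the caller is authenticated.
    try:
        event = json.loads(body)
    except ValueError:
        return None
    if not isinstance(event, dict) or event.get("type") not in CALLBACK_TYPES:
        return None
    return event


# Constructed sample values (not real credentials or PhonePe data).
SAMPLE_USER, SAMPLE_PASS = "merchant_user", "example-password"
SAMPLE_BODY = json.dumps({"type": "PG_ORDER_COMPLETED",
                          "payload": {"orderId": "OMOxx", "state": "COMPLETED"}}).encode()

if __name__ == "__main__":
    good = {"Authorization": expected_authorization(SAMPLE_USER, SAMPLE_PASS)}
    print(verify_callback(good, SAMPLE_BODY, SAMPLE_USER, SAMPLE_PASS))
    print(verify_callback({"Authorization": "0" * 64}, SAMPLE_BODY, SAMPLE_USER, SAMPLE_PASS))
```

Load the configured username and password from a secrets store rather than source code, and reject the request with an error status when `verify_callback` returns `None`.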

Sample S2S Responses – S2S Callback when order is completed.

{
  "type": "PG_ORDER_COMPLETED",
  "payload": {
    "orderId": "OMOxx",
    "state": "COMPLETED",
    "amount": 10000,
    "expireAt": 129139129,
    "paymentDetails": [
      {
        "paymentMode": "UPI_INTENT",
        "transactionId": "OM12334",
        "timestamp": 12121212,
        "amount": 10000,
        "state": "COMPLETED",
        "splitInstruments": [...]
      }
    ]
  }
}