EBANX sends a notification each time a payment status changes, which consists of an HTTP POST to an URL specified on the merchant area.

The following parameters are sent:

operation=payment_status_change&notification_type=update
&hash_codes=53ad936c0dfb7b008d57bf7d396c83a28d24869949fdc84f

It’s also possible that is sent an an array of hashes separated by commas:

operation=payment_status_change&notification_type=update
&hash_codes=53ad936c0dfb7b008d57bf7d396c83a28d24869949fdc84f,cc6d7065bd3842c9fd56f993dba4d900b428d9373878aff8

Parameters

operation

string

The value is always payment_status_change.

notification_type

string

Event that triggered the notification:

  • update: the payment status has changed from PE to CO or CA.
  • chargeback: a chargeback was issued for this payment.
  • refund: a refund was issued for this payment.
  • chargeback_credit: a chargeback credit was issued for this payment.

hash_codes

string

A single hash or an array of hashes separated by commas.

After receiving the notification, you should call the API method query to fetch the current payment status, and then use it to process the payment on your system.

When you finish processing the notification, you must output a response (it can be any string) to indicate that it was processed correctly. Otherwise, the notification will be sent again.

All the notifications will be logged, and you can keep track of them in the merchant area by going to Integration > Notification Log.

Notification signature

EBANX signs every notification request using a private certificate and send the signature in the HTTP headers. The merchant can verify if the request really came from EBANX by validating the digital signature using our public certificate.

The available certificates and their fingerprints are shown on the table below:

FingerprintCertificate
4ABAD89CF66B99998465470550EB15E3E271A246Download

EBANX will send the following headers in the notification request:

X­-Signature­Type: rsa,sha1
X­-Signature­Fingerprint: 4ABAD89CF66B99998465470550EB15E3E271A246
X-­Signature­Content: xh5hstzZt5Rf5ihNzbfFfkmN89askd...DrHJAnzHgaf2vzA==

X­-Signature­Type

The signing algorithm. EBANX will always use RSA/SHA1.

X­-Signature­Fingerprint

The signature fingerprint. It indicates which certificate was used to sign the notification.

X­-­Signature­Content

The signed payload, encoded as a Base64 string.

The signature can be validated in PHP as follows:

$cert      = file_get_contents('ebanx-notifications-public.pem');
$data      = file_get_contents("php://input");
$signature = base64_decode($_SERVER['HTTP_X_SIGNATURE_CONTENT']);

// http://php.net/manual/en/function.openssl-verify.php
$result = openssl_verify($data, $signature, $cert);

if ($result === 1)
{
  echo "OK, signature is correct.";
}
else
{
  echo "ERROR, the signature is incorrect.";
}