MD5 signature - change from Pending to OK for PPRO payments #37
Comments
|
Do you know what status detail you are sending back in the notification (callback) call? Is it "Notification has been tampered with" or "Transaction has already been processed"? I have had occurrences of the same notification being sent from Sage Pay multiple times because the first "OK" response did not get back to Sage Pay for whatever reason. This library needs to recognise a duplicate notification and return the previous response again instead of an error. This may or may not be the issue you are having, depending on the details of the error your notification is returning. It should all be stored in the database - you are welcome to directly send me a an exported database record for a failed transaction and I will take a look at it. |
|
The message you got from Sage Pay may be technically correct, and is what this package does, but may be missing the context of what is actually going wrong here. If the PPRO callback happens 20 minutes after the initial transaction, then I have a hunch it is related to there being callbacks in two stages - and it failing only on the second callback, as it was only expecting one. Again, if you have any more details you can send me, I would be glad to take a look and fix this package if it highlights what could be going wrong. It's this statement that makes me suspicious: "there is a problem with the MD5 signature built by your server". Sage Pay can only reach this conclusion if they see the response detail "Notification has been tampered with". Is that what they see? |
|
Does release 0.9.7 help fix this issue for you? |
The following is an email we have received from SagePay regarding issues we have been having with PPRO not updating from "pending" to "OK" status. Could anyone suggest where this needs to be corrected (if indeed it is an issue within this library)?
I am writing to you in regards to the ongoing issue with pending PPRO payments.
The issue is to do with the MD5 signature when we call back to your Notification URL. Initially the callback from your server for a Status = Pending transactions is as normal, works fine no issues there, the signatures match, but when we call back the second time to change it from pending to OK, there is a problem with the MD5 signature built by your server.
We need to send another callback to your server as we wait for PPRO to contact Sage Pay to confirm the order has authorised.
For the below example we get this confirmation from PPRO about 20 minutes after the transaction goes through:
VendorTxCode=12345678,
VPSTxId={XYZ123-XYZ123-XYZ123-XYZ123-XYZ123},
Status=OK,
GiftAid=0,
VPSSignature=0123456789ABCDE
This needs to be built like:
12345678{XYZ123-XYZ123-XYZ123-XYZ123-XYZ123}OK0
VPSSignature=0123456789ABCDE
So the order for building this is:
VPSTxId
VendorTxCode
Status
GiftAid
So we need your server to reply with the correct VPSSignature for the second callback to acknowledge they change from Pending to OK in the Sage Pay system in the format shown above and this will mean that your transactions do not stay as Pending in My Sage Pay and revert to a successfully authorised transaction.
The text was updated successfully, but these errors were encountered: