+31 (0) 20 760 2040 info@spilgames.com

Callback Validation

In this section you become familiar with the following parts of the in-game payment integration procedure:

How to validate the POST data returned by the payment callback function.

Callback validation


Always validate the callback data.The default POST data that is returned is an array with key-value pairs; the format is plain text.If you request POST data in an unsupported format, the server returns a 500 Server Error status code.

Before confirming the credit and updating the user’s balance with the purchased amount, check the POST data you receive with the callback:

POST data Definition
hash Each call requires a handshake hash, generated using the SHA-256 algorithm.The hash value is returned with the callback.Verify the hash content to make sure the payment confirmation originates from the Spil Games payment service.
transaction_id The transaction ID.You receive the transaction ID value from Spil Games.Every time a new payment is initiated, a new transaction ID is issued.Use the transaction_id parameter to identify the transaction on your side.Use this parameter and the corresponding value to verify payments on your end.Do not rely on other parameters like currency or amount, since they may need to be modified to accommodate users’ local currencies.
status End status of the transaction.For further details, see Payment end statuses.

You can add virtual currency to the user’s balance if the payment status value is PAID.The paid amount value must equal the amount value.If the paid amount is zero:

  • The payment has not yet been successfully completed, or
  • The payment has failed.

If the paid amount is larger than zero, but not equal to the amount:

  • The payment is a partial payment, i.e. status = PARTIAL.

In case of a partial payment, check the PARTIAL payment end status in Payment end statuses.

The parameters listed below are identical to those you pass with the showPaymentSelectionScreen call to trigger the payment selection screen.

As a best practice, we recommend you log these and other events that can modify the balance.

Before confirming the credit and updating the user’s balance with the purchased amount, you may wish to check also the following additional POST parameters:

This input parameter corresponds to… … this POST parameter returned with the callback
siteId site_id
gameId game_id
userId user_id
token transaction_token
params(optional custom parameters) custom_parameters