After transaction is successfully or failed we always send back response to the result URL provided during the request.
Sample Success Callback Response
{
"channel": "549319",
"reference": "3888",
"transaction_id": "CP7S6ULT8P",
"currency": "KES",
"amount": "10",
"fees": "0.2",
"firstname": "John",
"middlename": "Kariuki",
"surname": "Mwangi",
"result_code": 0,
"result_description": "The service request is processed successfully.",
"hash": "c920aaebae731f9e16d9a8f1fc1e349b99313cf230f18126a0bbd07d64aac2e0"
}
Sample Failed Callback Response
{
"channel": "549319",
"reference": "3888",
"result_code": 1032,
"result_description": "DS timeout user cannot be reached",
"hash": "e07f51540e120030f5beb594ba34f335f16f2f78c4a7a7b0d53647ac44590ff9"
}
The hash body parameter is a SHA-256 hash_hmac to proof that this response is coming from the Pokea Pay.?
Build a String of concatenated values of the all response fields with the following order they have been sent Except the hash parameter. The resulting text is then hashed with consumer key(provided during registration).
Now onto hashing. The mechanism of hashing this data will depend on the language you are using. For instance, if you are using PHP, you would go about it as follows;
// Your code here!
function implode_all($sep, $arr){
for ($i=0; $i< count($arr); $i++) {
if (@is_array($arr[$i]))
$arr[$i] = implode_all ($sep, $arr[$i]);
}
return implode($sep, $arr);
}
//sample callback response
$call_back_response= array(
'channel' => '549319',
'reference' => "07",
'result_code' => 123,
'result_description' =>'Request cancelled by user',
);
$string_to_hash =implode_all('',$call_back_response);
//hashing your concatenated string
$hashed_string=hash_hmac('sha256', $string_to_hash, 'CONSUMER KEY HERE');