To fulfill compliance requirements but also reduce maintenance effort for you as a merchant, we now support an asynchronous redirect flow. As an existing merchant, you need to adjust your integration to handle this new flow while maintaining compatibility with the synchronous process.
This guide walks you through the required changes step by step.
To support the redirect flow, ensure your integration covers the following updates:
Include a Return URL in the Authorize Request
Handle 'Pending' as a New Outcome
Verify the Transaction Status After Customer Returns
Modify your POST /api/v3/authorization request to include a merchantUrl parameter:
{
"customer": {
"firstName": "John",
"lastName": "Doe"
},
...
"merchantUrl": "https://yourwebsite.com/redirect-handler"
}
Your system should be able to handle a response containing the outcome Pending and extract the secureLoginUrl:
{
"outcome": "Pending",
"secureLoginUrl": "https://secure-dev.riverty.dev/..."
}
When the outcome is Pending, redirect the customer to the URL (secureLoginUrl) provided in the response.
Once the customer completes the action, they will be sent back to your merchantUrl. Upon return, you need to verify that the status has changed to a final status:
The standard approach is to call our GET Order endpoint and request the status of the order. orderDetails.status should have changed to Accepted or Rejected. If a customer has cancelled the flow, it could also be in the status Cancelled or Expired.
GET /api/v3/orders/{orderNumber}
Example response:
{
"orderDetails": {
"status": "Accepted",
...
}
...
}
Handle the response accordingly.
Further details can be found in the API specifications.
An alternative option of handling the redirect feedback which does not require a server-to-server verification is to check the status which got appended to the merchantUrl.
Following parameters get appended to the URL: &ordernumber=DE521720703119315&orderstatus=accepted&signature=86cf82800...a95932d9335ee3cb
The signature is a HMAC hashed string consisting of {ordernumber}.{orderstatus}.
Using this approach you do not add latency to the checkout and could immediately show the outcome to the shopper.
Merchants can utilize webhooks to receive real-time updates when customers reach a final status in the redirect flow. This allows them to efficiently process orders and guide customers through the next steps seamlessly. Integrating webhooks enhances the user experience by automating workflows based on the latest transaction status.
For further details on using webhooks, refer to our Webhooks documentation.
To simulate a redirect flow, use following placeholder for the billing customer: First Name: Risky - Last Name: OTP
To support robust redirect flows within apps which works with all the different local authentication schemes we recommend to either initiate the redirect in the native browser or use SFSafariViewController.
For further details, refer to our main Redirect documentation.
Do you find this page helpful?