Signature Verification
Zoho Payments generates a signature for the return URL to ensure the security and integrity of the transaction data. Signature verification confirms that the data has not been tampered with and authenticates the payment details received after a transaction. The parameters shown in the table below are sent through the return URL, which is the page to which the customer is redirected after a successful payment.
| Parameter | Description |
|---|---|
payment_link_id |
A unique identifier for the payment link. |
payment_id |
A unique identifier for payments made through Zoho Payments. |
amount |
The payment amount. |
status |
The status of the payment. |
payment_link_reference |
An alphanumeric identifier for the link provided during link creation. This is an optional parameter and will not be included in the return_url unless specified. |
signature |
A signature to verify the authenticity of the parameters in the return_url. |
To verify the signature:
- Extract the following parameters from the return URL and concatenate in this order and use period (.) as a separator:
payment_link_id.payment_id.amount.status.payment_link_reference
-
Generate an HMAC-SHA256 signature using the concatenated string and your signing key.
-
Compare the generated signature with the signature parameter from the return URL.
Successful validation confirms that the data is secure and has not been tampered with
Walkthrough of Zoho Payments personalized to your business needs