Receiving a callback

Creating an endpoint to receive callbacks on your application is as easy as creating a new page that accepts unauthenticated POST requests. The callback object is sent as JSON in the request body.

Confirming callback

Since anyone can get hold of your endpoint and attempt to send you phony event objects for malicious purposes (e.g. to see if they can mark their subscription to your product as renewed just in case you aren't running any verifications on the transaction reference), it is important to verify that callbacks originate from OPay.

You can do any or both of the list below to verify callbacks from OPay:

  • Watch the IPs and accept callbacks only from our IPs
  • Validate the Signature as decribed in the section that follows

Responding to a callback

You should respond to a callback with a 200 OK. We consider this an acknowledgement by your application. If your application responds with any status outside of the 2xx range, we will consider it unacknowledged and thus, continue to send it for 72 hours. You don't need to send a request body or some other parameter as it would be discarded - we only pay attention to the status code.

Structure of an callback object

A callback object is sent in JSON and similar to what you would get in response to a typical API request. Below is the body of a callback.

Sample Response

  "payload": {
    "country": "NG",
    "instrumentId": "useless",
    "fee": "0.10",
    "channel": "Web",
    "displayedFailure": "",
    "reference": "3cae64cb5f68a7c4008b765b97401a",
    "updated_at": "2020-09-21T13:18:45Z",
    "currency": "NGN",
    "refunded": false,
    "instrument-id": "useless",
    "timestamp": "2020-09-21T13:18:45Z",
    "amount": "10.00",
    "sessionId": "100004210318204012100247394470",
    "instrumentType": "coins",
    "instrument_id": "useless",
    "transactionId": "200921144008250432",
    "token": "200921144008250432",
    "bussinessType": "Consumption_H5",
    "payChannel": "BalancePayment",
    "status": "successful"
  "sha512": "4d001b261faa72096b63fa024299fd860c17b98563d4bb4f72371b932b91c348959f3af98853a37347b09a84ddcf53203d49f77d715f1679d8598f7a54107ef4",
  "type": "transaction-status"
payload.countryTransaction belongs country
payload.feeTransaction fee Amount in NGN
payload.displayedFailureTransaction reason for failure
payload.referencePartner transaction number
payload.updated_atTransaction update time
payload.currencyTransaction currency
payload.refundedIs the transaction a refund type (true or false)
payload.timestampTransaction time
payload.amountTransaction Amount in NGN
payload.transactionIdOPay transaction number
payload.payChannelPay method
payload.statusTransaction status (successful or failed)
sha512which is essentially a HMAC-SHA3-512 signature of the callback payload. Signed using your Secret Key

HMAC-SHA3-512 signature of the callback payload

Valid callbacks are raised with sha512 value, which is essentially a HMAC-SHA3-512 signature of the callback payload. Yes, signed using your Secret Key.

Example signature payload params

There are two values for Refunded, when payload.refunded is true, it is t, otherwise it is f.

{Amount: "10.00",Currency:"NGN",Reference:"3cae64cb5f68a7c4008b765b97401a",Refunded: f,Status: "successful",Timestamp: "2020-09-21T13:18:45Z",Token: "200921144008250432",TransactionID:"200921144008250432"}


  • Community

  • Official Website
  • Facebook
  • Linkedln
  • Twitter
Was this page helpful?