Upon every successful transaction, a callback will be send to the link that you provided earlier through parameter
callback_url
However, LeanX callback mechanism will send an encoded JWT message instead of plain text to provided link, which need to be decoded with a hash key before it can be read. Below are the sample of callback response before and after encoding and decoding process.
Hash Key can be retrieved in your portal dashboard under API page.
{"invoice_no":"BP1701155880uBMwB9q0","client_data": {"merchant_invoice_no":"LXPAYeubb68W1701155842uNHhS","uuid":"8ef4ce50-aebb-4d8c-b142-4fa2a089fd06","order_id":"None" },"invoice_status_id":2,"invoice_type_id":1,"invoice_type":"NORMAL_COLLECTION","invoice_status":"SUCCESS","amount":"456.20","payment_model_reference_id":1,"rate_type_reference_id":2,"payment_service_id":89,"client_redirect_url":"https://www.yourdomain.com/return-page","client_callback_url":"https://www.yourdomain.com/api-callback-url","client_transaction_details":null,"prefund_collection": {"item":null,"response_code":2100 },"description":null,"card_token":null,"fpx_debit_auth_code":"00","fpx_credit_auth_code":"00","fpx_debit_status":"Approved","transaction_response_time":"28 November 23 03:18:03 PM","original_transaction_response_time":"2023-11-28 15:18:03"}
If you are integrating via your application, the hash key will always be an identifier or a signature to ensure that the callback was intended to be send to you. If the hash key is incorrect, it might be coming from unknown sources.