Callback
When a payment status is updated, our system will send an HTTP POST request to your callback URL. This request contains transaction information so you can update your records accordingly.
Setup
Merchants need to provide a callback URL where our system can send payment notifications. This URL should be an endpoint on your server that can process incoming JSON data.
Callback Flow
Headers
{
"Content-Type": "application/json",
"x-signature": "9gfgtr560987jhghgfhdf",
"x-request-id": "236a4d5f-884a-4934-90af-04306146c328"
}x-signature: HMAC SHA-256 signature used to verify callback integrity.
x-request-id: Unique identifier generated by Pay2Local.
JSON Payload
| Field | Type | Description | Notes |
|---|---|---|---|
| merchant_payment_id | String | Your unique payment identifier | Provided in your original API request |
| requested_amount | Float | Payment amount requested by customer | Example: 100.00 |
| currency | String | Currency code (always BDT) | Only "BDT" supported |
| request_type | String | Transaction type | "Deposit" or "Withdraw" |
| bank_type | String | Mobile banking method used | "Nagad", "Upay", "Bkash", etc. |
| request_status | String | Payment status | "Approved" or "Rejected" |
| transaction_id | String | Pay2Local transaction ID | Only present for Approved payments |
| service_type | String | Service type used | "p2p_agent", "p2c_qr", or "p2c_api" |
| timestamp | DateTime | When payment was processed | ISO 8601 format with timezone |
| signature | String | HMAC SHA-256 signature | Generated from specific fields |
Signature Verification
Important: Obtain Your Merchant Access Key And Setup Callback URL
First, get your Merchant Access Key from the Pay2Local Merchant Admin Panel. This secret key is required for signature verification. And Setup Callback Url from there.
--
How Signature Formed Example JS Code Snippet:-
npm install cryptoconst expectedSignature = crypto
.createHmac('sha256', merchantAccessKey)
.update(dataString)
.digest('hex');
// Compare with provided signature
return payload.signature === expectedSignature;Merchant Access Key required for verification of signature. You can find it in the merchant admin panel:
Callback Examples
Approved
{
"merchant_payment_id": "ORDER-12345",
"requested_amount": 1500.50,
"currency": "BDT",
"request_type": "Deposit",
"bank_type": "Nagad",
"request_status": "Approved",
"transaction_id": "P2L-TXN-7A89B2C3D4E5",
"service_type": "p2p_agent",
"timestamp": "2024-05-21T15:50:32.024+06:00",
"signature": "ec2e2dfe942ddf3905b06b9e0d4bb502935b6b389432d37e51fc8316d683f0e1"
}Rejected
{
"merchant_payment_id": "ORDER-12346",
"requested_amount": 2000.00,
"currency": "BDT",
"request_type": "Deposit",
"bank_type": "Bkash",
"request_status": "Rejected",
"transaction_id": "",
"service_type": "p2p_agent",
"timestamp": "2024-05-21T16:30:45.123+06:00",
"signature": "a1b2c3d4e5f67890abcdef1234567890fedcba9876543210"
}