The merchant must be able to receive an HTTPS form post-back from VPG to the returnurl or failureurl specified in the merchant form post as a result of the payment outcome.
This is NOT the post–back for the tokenisation process which is an asynchronous process and will be returned via the notifyurl.
Asynchronous responses for the actual payment result are also sent back to the merchant in the WebHooks.WebHook.Url field defined in the encrypted transaction object.
Take note, this is a lengthy batch process and runs as scheduled tasks between VFS and the bank.
It should never be relied upon to be returned quickly or included in a synchronous user-journey with the customer.
The following fields are posted back to the merchant because of the payment:
| # | Field (Case–Sensitive) |
Required MandatoryOptional |
Type | Length | Description |
|---|---|---|---|---|---|
| 1. | MerchantIdentifier ^ | M | GUID | 38 | This is the unique identifier that is issued to the merchant by VFS to identify him on the payment platform. |
| 2. | MerchantReference | M | String | 20 | Sent by the merchant in the original form post |
| 3. | CorrelationIdentifier | M | String | Sent by the merchant in the original form post as requestidentifier. | |
| 4. | CustomerIdentifier | M | String | Sent by the merchant in the original form post. | |
| 5. | CardNumber | M | String | A masked credit–card number returned by the bank. | |
| 6. | Amount | M | Decimal | Sent by the merchant in the original form post. | |
| 7. | TransactionReference | M | String | 21 | The unique identifier of the transaction on the payment gateway. Will always contain a value in the case of a successful transaction. NULL otherwise.. |
| 8. | ErrorCode | M | String | 3 | Error code returned 00 – the transaction was accepted and will be processed. Anything above 00 is an error. |
| 9. | ErrorDescription | O | String | 250 | Error code returned 00 – the transaction was accepted and will be processed. Anything above 00 is an error. |
| 10. | BankReference | O | String | 16 | The reference number that was returned from the bank. Can be empty. If transaction was sent to bank, a number will be returned. |
| 11. | BankResponseDescription | O | String | 3 | The description of the bank response code. Can be empty. |
| 12. | ControlKey | M | String |
Encrypted value used to check that the values posted back correspond to a valid Payment Gateway Postback. See 4.2 Appendix B: Encryption Algorithms and 4.3 Appendix C: Control Key for details on how this value is generated. Without this, PCI vulnerability checks could fail. |