I'm trying to implement Adyen with iDEAL as one of the payment methods in a webapplication I'm building. When an user selects iDEAL as the preferred payment method he gets redirected to the iDEAL environment to finish the payment process, I supply a redirect URL which the user is redirected to after he/she completes or cancels the payment. The callback method is called with the following parameters:
string payload,
string type,
PaymentResultResponse.ResultCodeEnum resultCode
The Adyen documentation states I need to verify the incoming payload, which is a HMAC signature.
https://docs.adyen.com/payment-methods/ideal#integrate-with-api (step 4)
When the shopper has completed the payment they return back to your website or app using the returnUrl you provided when you made the /payments request. This URL is appended with a payload query parameter which you will use to verify the payment result. If any other parameters are appended, ignore them.
I cannot seem to find which data is used to construct this payload, so I do not know how to generate an expected signature to test the incoming payload against.
Just received an answer from Adyen support:
Anonymous (Adyen Support) Aug 20, 11:48 CEST
Hi Jop,When the shopper returns to your website after an iDeal payment, the payload is appended to the result URL.
You will then need to verify the payload that you received in a /payment/details call (Step 6). In the response you will receive the result of the transaction. In addition we can send you a asynchronous notification with the result of the payment (in case the shopper already closed their browser before the redirect takes place).
There is no need to verify the payload with a HMAC-key. Let me know if you have more questions.
Kind regards,
Anonymous
Technical Support Engineer