Tarabut Portal

Single payment status updates

The time it takes a bank to process a PIR can vary and may not be instant. Because of this, Tarabut provides updates when the status of a payment changes.

There are different methods to obtain the status of the payment.

MethodDescriptionUse case
Callback URL payloadA payload appended to the callback URL - the URL a consumer is redirected to after they have completed a payment.Presenting an immediate confirmation to the consumer at the end of the payment flow. The payload allows the merchant to display a receipt (for example, if payment is cancelled by the consumer).
Webhook notificationsWebhook notification of a status change on the payment.Be notified as soon as the payment status changes.
Get paymentsGet the status of the payment manually.If a manual update is required on demand, merchants can get the status of the payment at any time.

Using the callback URL payload

After the consumer authorises the payment at their bank, you should direct them to a confirmation page. For every PIR, you'll need to provide a callbackUrl parameter. Tarabut redirects the consumer to the callbackUrl at the end of every payment flow, regardless of the payment's outcome.

In order to allow merchants to provide consumers with feedback reflecting the payment status, Tarabut provides payment information in a tarabut_payment_payload parameter appended to the callbackUrl. tarabut_payment_payload includes paymentId and paymentStatus as claims in a Base64 encoded JSON Web Token, provided as:

https://merchant.site?tarabut_payment_payload=eyJraW...5MwvsUjZpqY7p_jZo (sample)

Header

{
  "kid": "aeaf334e-9a54-41e8-961a-e3838081fd5c",
  "alg": "RS256"
}
ParameterDescription
kidJWT key identifier.
algJWT signing algorithm.

Payload

{
  "jti": "46406996-1a33-4eef-a891-25077a576676",
  "iss": "https://sandbox.payments.tarabutgateway.io/",
  "sub": "payment_info",
  "paymentStatus": "COMPLETED",
  "paymentId": "787fd82e5578fc3b",
  "iat": 1608226143,
  "exp": 1608227943
}
ParameterDescription
issThe principal that issued the JWT
subType of data
paymentStatusThe current status of the payment. For all possible statuses see here.
paymentId16 digit alphanumeric unique payment identifier.
iatJWT issue time
expJWT expiry time

JWT integrity

The integrity of the token can be verified by using either one of the industry standard libraries provided by JWT.io, corresponding to your platform's programming language. Verification can be done by using one of the public keys exposed by Tarabut.

Using webhook notifications

When the status of a payment is updated, Tarabut will send a digitally signed POST request to the specified callback URL. Make sure you have set up a callback URL

Webhook

--header 'x-signature=h4DnIgww/Qw0NhMFlzgQuLKpvhVgJGm5ZSImO7wh7MewUX3AJYa06fwh9naN1Zp7h9OopRbVR3oY8L0PzDmirXyX1QM3eRZIkSjAZs+S9vx7D2ETH0WGk3ByJ28i3j6Q3Be3G5PEx91llVgTsOyYTdKVykzh/b8azI+5fr45PMe6mOKVjb8hoBsMJP9n+jQWQ8NnkR9h4iCxxqULFsY+oXu08dFFMPfnyc2Lp7rA66kLZVU7w4XS3rrNxoWV65Z75lvB8wAefWkR9KdFE8kWdZpAqdG+nC78EEZOo3fMoW+RuNKP57rw0yjC0Xmh8fActzTVyKcBlhum+/fTBc8rCbeoFKoHBiXQ+mcTKTdTveVEe2P95jtet6C2AMI0grRo7N45kMPT2IhyFxe4WUtafkpkJhTCu65QliGlQwKnebCQYB4uQUmvTQ8vli8FKjomeGis4KYOkQMA1YAatVF00IThbVVKO3QafVGUfn3Sue6EdNPT8UW8DiQ2UPsAYCI8N+M0YyebQZ48NqAv6Rp0Kz/srxiJc7YiWhLIgmoFe5Kfz+HWrIIZknH66HRhK3AFYocSliWtOH9p6YwaDNZ/M7giW7zjNpjWyRq7uoPLFD9OYZgaC+4vIreL3KTx/eCVHx0yqNajVSYAuMExwrPxoctklGAjuWHEFIRtm6wXqE0='
--header 'x-signature-keyId=718c7272-4e33-466b-8ad8-28fa2c95193f'
{
  "type": "PAYMENT_STATUS_CHANGE",
  "paymentId": "5da26306860bb993",
  "status": "SETTLED",
  "timestamp": 1632494853092,
  "amount": 1.00,
  "currency": "GBP",
  "description": "Test payment",
  "paymentType": "ONE_OFF",
  "bankName": "Santander",
  "destinationAccount": "GBP1",
  "creationTimestamp": "2021-09-27T11:22:58.203Z",
  "updateTimestamp": "2021-09-27T11:22:58.203Z",
  "customerReference": "123",
  "merchantReference": "ABC",
  "refundedAmount": 0.00,
  "payerToken": "cc858257-f778-51ed-9c89-8d28dd30ea1a"
}
ParameterDescription
typeA constant type for the payment status notification.
paymentId16 digit alphanumeric unique payment identifier.
statusThe current status of the payment. For all possible statuses see here .
timestampExact date when the webhook notification was sent represented by a UNIX epoch time in milliseconds.
amountAmount to be paid by the payer.
currencyThe three-character payment currency using ISO 4217.
description (if provided)An internal description - can be up to 250 characters alphanumeric.
bankNameThe bank from which the payment was initiated.
destinationAccountSpecifies the ID of the merchant's destination bank account.
customerReference (if provided)Reference field for customer ID - can be up to 128 characters alphanumeric.
merchantReference (if provided)Reference field for order ID - can be up to 256 characters and alphanumeric.
creationTimestampThe time that the payment initiation request was originally made, using ISO 8601.
payerTokenA pseudonymised representation of the payer's account details as a token (account number/sort code or IBAN). The token is unique to the payer's account.

Verifying integrity

Every webhook notification sent by Tarabut is digitally signed using public key cryptography, also known as asymmetric cryptography, and will allow the merchant verify the origin and the integrity of the message. Learn how to verify the integrity of the webhook notification here.

Using payment status call

You can request a status update on any payment at any time by sending an HTTP GET request to the relevant base URL+ /api/v1/payments/ including the headers Authorization: Bearer <payment_token>. You can use the same payment token generated previously.

Request

curl --location --request GET 'https://sandbox.payments.tarabutgateway.io/api/v1/payments/<paymentId>' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer <payment_token>'
ParameterDescription
paymentId16 digit alphanumeric unique payment identifier.

A successful request returns a 200 response code and an object with details of the payment.

If something unexpected happened during the request, the API returns an error response with the appropriate HTTP status code and a JSON response that contains detailed information about the problem.

Response

{
    "id": "b0175ff11f6f5752",
    "amount": 1.00,
    "currency": "BHD",
    "description": "Test payment",
    "status": "COMPLETED",
    "type": "ONE_OFF",
    "destinationAccount": "BHD1",
    "creationTimestamp": "2021-09-27T11:22:58.203Z",
    "bank": "ILA",      
    "customerReference": "123",
    "merchantReference": "ABC",
    "expiryDateZoned": "2022-08-31T17:19:25.533Z"
}
ParameterDescription
id16 digit alphanumeric unique payment identifier.
amountAmount to be paid.
currencyThe three-character payment currency using ISO 4217.
description (if provided)An internal description - can be up to 250 characters alphanumeric.
statusThe current status of the payment. For all possible statuses see here .
typeThe type of payment.
destinationAccountSpecifies the ID of the merchant's destination bank account.
creationTimestampThe time that the payment initiation request was originally made, using ISO 8601.
bankThe bank from which the payment was initiated.
customerReference (if provided)Reference field for customer ID - can be up to 128 characters alphanumeric.
merchantReference (if provided)Reference field for order ID - can be up to 256 characters and alphanumeric.
refundedAmountThe amount of the payment that has so far been refunded.
expiryDateZonedThe time that the payment will expire if not used, using ISO 8601.