Handling the Redirect
After the payment is completed successfully ICEPAY will redirect the user to the page that was sent in the IC_URLCompleted parameter of the Checkout request, or the value in the ICEPAY Portal.
If the payment is not completed successfully, the creditcard is declined, the user cancels or something else is wrong, ICEPAY will redirect the user to the page that was sent in the IC_URLError parameter of the Checkout request, or the value in the ICEPAY Portal.
The Status is included in the redirect's parameters. However, you are strongly advised to primarily use the Postback Notification as a means to update the Payment Status in your system. A redirect might not happen if the consumer closes their webbrowser before being redirected.
The Redirect is an HTML GET, including values giving you more information about the payment, see Redirect Fields. All values will be appended as GET parameters. The append process takes into account whether there already is a “?” or not in the IC_ URLCompleted / IC_URLError page, so it is possible to construct this URL with some parameters of your own. Do make sure however that there are no name-clashes.
The redirect uses a checksum to allow you to verify the contents of the data. The checksum is a digital signature that authenticates the sender of the message. This prevents others from tampering and sending payment requests in your name. It also assures you that any response or postback you receive actually comes from ICEPAY. You must always validate the checksum.
How to calculate the checksum
The checksum calculation for the redirect use the individual fields that are sent as GET parameters by concatenating the values separated by the pipe (|) character.
Example: secret|12345|OK|Succes|100000007|1234567|My Payment 100000007|
Note that the order of the fields matters in these calculations. The exact order for a redirect can be found here: Redirect Checksum Fields.
Convert the string to bytes using UTF-8 encoding and calculate a SHA1 hash. Compare this with the checksum found in the redirect Checksum field (bytes are converted to hexadecimal format, e.g.: fec283744032990e5b461456340c1844be507a31).
You can find a sample of data pushed to your postback page in Redirect Sample.