After the payment
Learn how to fulfill the order or provide access to your services after the customer completes the payment
When your customer successfully completes a Beanie Session, we redirect them to the URL you specified in the success_url
parameter, that should represent a page you host to inform your customer that the payment was successful.
Now, you want to fulfill the customer's order, to deliver them the goods or services they paid for. This guide explains how to deal with this scenario.
Using webhooks
Using webhooks is the recommended way to provision a subscription or a one-off purchase after the payment is successful, as customers may never reach the success_url page - they can close their browser tab for instance -.
Octobat sends the octobat.order.succeeded
event for a successful Beanie payment. The webhook payload includes the underlying Order object, which contains information about the Customer, Payment, or Subscription, and optionally the client_reference_id
if you provided it.
You can subscribe from webhooks directly from the Octobat interface.
In order to avoid webhooks deactivation, please ensure you always return a 200
HTTP code everytime you get notified by a webhook coming from Octobat, even if you don't use it.
Directly from the success_url redirection
Listening to the transaction_details parameter
The redirect to success_url
comes along with the transaction_details
GET parameter, that contains a hash of relevant data to reconciliate the current visitor with a customer from your database and their order.
Do not rely on the redirect to thesuccess_url
alone for fulfilling purchases if thetransaction_details
GET parameter is not present, or if you can't decode it properly, as malicious users could directly access this page without paying before.
Decoding to the transaction_details parameter
The transaction_details
GET parameter, consists in a JWT encoded with your Octobat secret API key, using the HS256 algorithm.
You can easily retrieve your Octobat secret API key on your account within the section: Developers / API keys.
Using your library of your choice, decode the JWT token to get the following data:
Last updated