Transaction Authorisation¶

Transaction authorisation is one of the most crucial steps you have to implement to complete the checkout integration.

Authorisation Process Workflow¶

Webhook Notification¶

Once the customer has completed the payment on Tamara checkout, the transaction will be at approved status and in the meantime, Tamara will send a webhook payload for ‘approved’ notification by (Http POST request) method, to the notification URL that was provided in your checkout session request or if you subscribed to the webhook endpoint for the approved event.

It is recommended that you test the communication, by using a tool like https://webhook.site to see how it works.

Notification Payload¶

Request Payload

{
"order_id": "8c5e39bb-698d-4c9a-bf9b-efe9bb133fca",
"order_reference_id": "123456",
"order_status": "approved",
"data": []
}

order_reference_id: your order reference id that was provided to us in your checkout session request.

Curl Sample

curl -X POST \
-H "Content-Type: application/json" \
-H "Authorization: Bearer <tamaraToken>" \
--data '{"data":[],"order_id":"<tamaraOrderId>","order_reference_id":"<yourRefOrderId>","order_status":"approved"}' \
"<theNotiticationUrlParamInCreateCheckoutRequest>?tamaraToken=<tamaraToken>"

<tamaraToken> encoded JWT token using HS256 algorithm, and you can use the Notification Token provided by Tamara, to decode it, to ensure that the request to your Notification endpoint comes from Tamara (security aspect).

Authorisation¶

After receiving the notification, i.e., once the order payment is ‘approved’ from the checkout flow, your server would need to call back Tamara to confirm the receipt of the transaction response by authorisation, using our Authorisation API

This backend-to-backend communication will also help to avoid the frontend redirection issue during the checkout. For e.g., once the customer has completed the payment on Tamara checkout and couldn't redirect back to your frontend website/ app due to any network/ connection problem, your system would still receive the notification from us in the background.

Once we receive the Authorisation callback, the transaction will be moved to authorised status, and you can start shipping the items to the customer.

If we don't receive the authorisation callback from your end, the order/ transaction on our side would be stuck at approved status, and you will not be able to trigger the Capture API for that payment later, also that payment would be implicitly excluded from your next settlement cycle. Therefore, please implement and test this flow carefully on our sandbox environment before going live.