NotificationWebhook
The notification webhook is sent to the merchant’s configured endpoint when a transaction attempt has been completed, regardless of whether the transaction succeeded or failed.
Delivery and Retry Policy
- The receiving system must respond with standard HTTP
200 OK. - If no
200 OKis received, the webhook will be retried with exponential backoff. - Retry strategy:
- Attempt 1: immediate (0 seconds).
- Attempt 2: immediate (0 seconds).
- Attempt 3+: delayed by
2^attemptseconds. - Maximum delay capped at 3 hours.
- Retries stop after 25 attempts.
- Each webhook request has a strict timeout of 5 seconds.
- Merchants should always acknowledge quickly and process business logic asynchronously. Failure to comply may result in the endpoint being moved to a low-priority queue.
Headers and Authentication
- Every webhook includes an
Authorizationheader that must be validated to ensure the request originated from ePay. - By default, ePay issues a random Bearer token at account creation. This token, and the authorization scheme (
BearervsBasic), can be managed in the ePay Backoffice. - No additional signatures or payload signing is applied. Verification relies exclusively on the
Authorizationheader.
acquirerAgreement object
The name of the used acquirer / processor of the transaction
shift4The merchant category code registered on the agreement. Note 4514 is the default code when none is registered or when not relevant.
4514transaction object
The ID of the transaction
LDG7M4WW44GThe ID of the associated subscription
0197c07b-3f6d-7be2-b848-702b08958128The current state of the transaction. See our Core Concepts page.
Possible values: [PENDING, PROCESSING, SUCCESS, FAILED]
If the transaction has failed, this contains the associated error code explaining what went wrong.
externalStatusCodes objectnullable
A nullable object containing any known external status codes, such as the status code from the acquirer or the network. This can be useful for merchants who want to be able to react to very specific rejection reasons.
The status code from the acquirer. The possible values depend on processing acquirer. The key is only present if the value is known to ePay.
The status code from the scheme network. The field is only used for card based payments but stays consistent between acquirers. The key is only present if the value is known to ePay.
A unified status code representing the result of the Strong Customer Authentication (SCA) flow, such as 3DS.
The code is built by concatenating the challenge status (transStatus) and reason code (transStatusReason) from the two steps of the 3DS protocol.
| Code | Meaning |
|---|---|
| C | Transaction was challenged |
| N | Transaction was rejected |
| Y | Transaction was approved |
| U | Technical issues |
| I | Informational Only (No authentication performed) |
The reason code (transStatusReason) is appended if present, e.g., 07.
Examples:
Y- Frictionless approvalCY- Challenged then approvedCN07- Challenged then rejected due to reason07N07- Rejected without a challenge due to reason07
The time of creation
The ID of the associated session. This will be null for any MIT transactions.
The ID of the associated payment method
The type of the payment method.
Possible values: [CARD, VIPPS_MOBILEPAY, MOBILEPAY_ONLINE, APPLE_PAY, GOOGLE_PAY, SWISH, VIABILL, ANYDAY]
CARDThe sub type of the associated payment method. For card based payments, this will contain the name of the scheme, such as Visa or Mastercard. The card scheme name formatted with a uppercase starting character. For non-card based payments the field vary depending on the requirements of the payment method.
The expiration date of the associated payment method.
Although payment cards are specified by a month and year (MM/YY), this value is returned as a full date (YYYY-MM-DD) representing the last day of the expiration month.
Example: "2030-05-31" for a card expiring in May 2030.
A cardholder friendly text to help them identify the payment method. For cards this will be a masked version of the card number.
Contains the entered cardholder name of the optional "name" field. Will be null if the field is not rendered.
The SCA mode of the transaction.
Possible values: [SKIP, NORMAL, FORCE]
The merchant customer id of the transaction. This field is required to enable advanced features such as storing a card for later reuse. Do not use any "guest" customer ids. Customer ids must be unique for each customer and must be protected by authentication.
The transaction amount in minor units (e.g., 1095 = 10.95 DKK)
The applied transaction fee in minor units. The fee is included in the amount field. To get the original amount you must subtract fee from amount. Fees are only applied if surcharge is configured in the ePay backoffice.
Fees are calculated during transaction processing and as such is always 0 when initially created during MIT transactions.
The currency of the transaction in ISO 4217 alpha-3. DKK for danish kroner.
The instant capture mode.
Possible values: [OFF, VOID, NO_VOID]
The URL to receive webhook notifications of any transaction attempts. May contain templating variables.
Possible values: <= 1024 characters
The ID of the associated point of sale
The merchant reference of the transaction, this is often used for the order id.
The text to show on the cardholder bank statement
Possible values: non-empty and <= 39 characters
The list of exemptions to apply when possible. Note that exemptions may shift liability from the issuer to the merchant.
["LVT","TRA"]attributes object
A list of pass-through parameters that will be sent back to the merchant for following any webhooks
The ip (ipv4/ipv6) of the cardholder making the transaction. The IP is captured by ePay at the initialization of the transaction client-side. Can be empty.
52.212.176.122The detected origin country (Alpha-2) based on the clientIp property. Can be empty.
- Data derived from GeoLite2 by MaxMind.
DKThe type of transaction.
Possible values: [PAYMENT, PAYOUT, MOTO]
operations object[]
The ID of the operation
The ID of another operation that this operation depends on.
For example, a REFUND must reference the CAPTURE it is refunding.
Other operation types may also reference a prior operation if required.
The operation amount in minor units (e.g., 1095 = 10.95 DKK)
The state of the operation.
PROCESSING: The operation has been received and is being handled.SUCCESS: The operation completed successfully.FAILED: The operation could not be completed. SeeerrorCodefor rejection reason.
Possible values: [PROCESSING, SUCCESS, FAILED]
The ID of the associated transaction
LDG7M4WW44GThe type of operation.
AUTHORIZATION: Reserve funds on the payment method.CAPTURE: Transfer previously authorized funds.SALE: A combined operation that performs bothAUTHORIZATIONandCAPTUREin a single step.REFUND: Return funds to the customer.VOID: Releases previously authorized funds.PAYOUT: Transfer funds to a recipient.
SALE operations are only available for certain acquirers and will be used when available and instant capture is enabled.
Possible values: [AUTHORIZATION, SALE, CAPTURE, REFUND, VOID, PAYOUT]
When state is equal to FAILED, this will contain the explaining error code.
The time of creation
The timestamp when the operation reached a terminal state.
An operation is terminal once it transitions from PROCESSING to either SUCCESS or FAILED.
session objectnullable
The ID of the payment session
The subscription id related to the session, this can either be a new ID for new subscriptions or the given ID of a previous subscription which needs to be updated.
The transaction amount in minor units (e.g., 1095 = 10.95 DKK)
attributes objectnullable
Pass-through data which will be returned back to the merchant in any webhook.
List of exemptions to apply when available. Note exemptions may cause liability shift from the issuer to the merchant.
The currency of the payment. For Danish Kroner defined as DKK.
Possible values: Value must match regular expression ^[A-Z]{3}$
The expiration time of the payment session. After this time the session can no longer be used and a new session must be created.
The instant capture mode.
Possible values: [OFF, VOID, NO_VOID]
The maximum number of transaction attempts allowed for the session
The current number of transaction attempts so far.
The minimum age required. If not null and ePay Verify is enabled on your account, the cardholder will be prompted to verify their age using local online IDs such as MitID in Denmark.
Is true once the customers age has been verified to be at least equal to minimumAge parameter.
Boolean flag to enable / disable receiving webhook notifications for failed transactions.
Boolean flag to enable / disable dynamic amounts, allowing the client to determine the transaction amount. This is generally not recommended for most merchants.
The URL to receive webhooks related to transaction attempts
Optional URL to receive a webhook just before authorization is attempted. Can be used to update or reject the transaction. This is often used by merchants integrating external risk tooling to trigger 3DS challenges depending on the payment.
The URL to redirect the client on successful payment attempts
The URL to redirect the client on failed payment attempts when no more attempts are possible.
The URL to redirect the client on failed payment attempts when more attempts are possible. If null, then failureUrl is used instead.
The ID of the cardholder. This field is required to enable stored cards. Do not use any "guest" customer ids. Customer ids must be unique for each customer and secured behind authentication.
The ID of the associated point of sale
The transaction reference - Typically the order id.
The state of the transaction
Possible values: [PENDING, PROCESSING, COMPLETED, EXPIRED]
The text to display on the cardholders bank statement
Possible values: non-empty and <= 39 characters
The chosen SCA mode. This can be used to control the level of cardholder authentication performed before the transaction is authorized.
Possible values: [SKIP, NORMAL, FORCE]
The number of minutes the session is available.
The time of creation
subscription objectnullable
The ID of the subscription
01929a94-5fce-7ccc-a7e4-7e9249133b39The ID of the associated payment method
01924756-d1f6-738d-8040-90d76cedf01fThe currency of the original transaction which created the subscription. This is used as the default currency for new MIT transactions, if no currency is given.
Possible values: Value must match regular expression ^[A-Z]{3}$
DKKThe id of the merchant customer
User159The ID of the associated point of sale used during the creation of the subscription
0192473a-e381-705c-b61c-fc2ac9624afcThe merchant reference for the subscription.
reference-1The current state of the subscription. See our Core Concepts page.
Possible values: [PENDING, ACTIVE, INVALID, DISABLED]
ACTIVEThe type of subscription. SCHEDULED is used for fixed interval charges such as a monthly subscription fee. UNSCHEDULED is used for varying transaction intervals such as pay-as-you-go solutions such as parking or bike renting.
Possible values: [SCHEDULED, UNSCHEDULED]
SCHEDULEDThe expiration date of the subscription. ePay does not enforce this expiration, but uses it in the processing of transactions which may improve approval rates.
2050-01-01interval object
Interval configuration. It can only be present when type equal SCHEDULED. A frequency=2 and period=WEEK means one charge for every two weeks.
The time unit of the frequency field
Possible values: [DAY, WEEK, MONTH, YEAR]
MONTHThe number of period's between each charge.
Possible values: >= 1 and <= 31
1The time of creation
sca objectnullable
Boolean indicator which is true when the transaction is rejected due to failing SCA such as a 3DS challenge with MitID.
falseThe type of SCA performed during the transaction.
Possible values: [3DS, DELEGATED, UNKNOWN]
3DSThe level of verification performed during the transaction. The value will be CHALLENGED if the customer was prompted with challenges such as MitID login.
Possible values: [NONE, FRICTIONLESS, CHALLENGED, UNKNOWN]
FRICTIONLESScard objectnullable
Info about the card used during the transaction. Is only available for card based payments.
The masked account number of the paying card. If the transaction is token based, like ApplePay, this will instead contain the TAN (Token PAN).
12345678XXXX1234The month the card expires in. A card expires at the end of the month.
07The year the card expires in.
35The "Primary Account Reference" is a unique non-sensitive reference to the specific card. This will have the same value for any payment made with the same card even across wallets such as ApplePay. This can be used for loyalty systems or fraud prevention systems which needs to uniquely identify cards. The value is not always available. Availability depends on the used acquirer.
8F1B7C2QX4Z9N3V6M2R0K8YD5LJTPHThe name of the card issuer (Bank)
Danske BankThe network scheme such as Visa and Mastercard of the card
VisaThe alpha-2 code of the country the card was issued in
DKThe customer segment the card is issued to. This can be used to identify consumer vs business cards.
Possible values: [consumer, business, payouts]
consumerThe type of funding behind payments made from the card. This can be used identify debit vs credit cards.
Possible values: [debit, credit, prepaid]
debit{
"acquirerAgreement": {
"acquirer": "shift4",
"mcc": "4514"
},
"transaction": {
"id": "LDG7M4WW44G",
"subscriptionId": "0197c07b-3f6d-7be2-b848-702b08958128",
"state": "PENDING",
"errorCode": "string",
"externalStatusCodes": {
"acquirer": "string",
"network": "string",
"sca": "string"
},
"createdAt": "2024-07-29T15:51:28.071Z",
"sessionId": "string",
"paymentMethodId": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
"paymentMethodType": "CARD",
"paymentMethodSubType": "string",
"paymentMethodExpiry": "2024-07-29",
"paymentMethodDisplayText": "string",
"paymentMethodHolderName": "string",
"scaMode": "SKIP",
"customerId": "string",
"amount": 0,
"fee": 0,
"currency": "string",
"instantCapture": "OFF",
"notificationUrl": "string",
"pointOfSaleId": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
"reference": "string",
"textOnStatement": "string",
"exemptions": [
"LVT",
"TRA"
],
"attributes": {},
"clientIp": "52.212.176.122",
"clientCountry": "DK",
"type": "PAYMENT"
},
"operations": [
{
"id": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
"referenceTransactionOperationId": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
"amount": 0,
"state": "PROCESSING",
"transactionId": "LDG7M4WW44G",
"type": "AUTHORIZATION",
"errorCode": "string",
"createdAt": "2024-07-29T15:51:28.071Z",
"finalizedAt": "2024-07-29T15:51:28.071Z"
}
],
"session": {
"id": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
"subscriptionId": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
"amount": 0,
"attributes": {},
"exemptions": [
"string"
],
"currency": "string",
"expiresAt": "2024-07-29T15:51:28.071Z",
"instantCapture": "OFF",
"maxAttempts": 0,
"attempts": 0,
"minimumAge": 0,
"ageVerified": true,
"reportFailure": true,
"dynamicAmount": true,
"notificationUrl": "string",
"preAuthUrl": "string",
"successUrl": "string",
"failureUrl": "string",
"retryUrl": "string",
"customerId": "string",
"pointOfSaleId": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
"reference": "string",
"state": "PENDING",
"textOnStatement": "string",
"scaMode": "SKIP",
"timeout": 0,
"createdAt": "2024-07-29T15:51:28.071Z"
},
"subscription": {
"id": "01929a94-5fce-7ccc-a7e4-7e9249133b39",
"paymentMethodId": "01924756-d1f6-738d-8040-90d76cedf01f",
"currency": "DKK",
"customerId": "User159",
"pointOfSaleId": "0192473a-e381-705c-b61c-fc2ac9624afc",
"reference": "reference-1",
"state": "ACTIVE",
"type": "SCHEDULED",
"expiryDate": "2050-01-01",
"interval": {
"period": "MONTH",
"frequency": 1
},
"createdAt": "2024-07-29T15:51:28.071Z"
},
"sca": {
"rejected": false,
"type": "3DS",
"verification": "FRICTIONLESS"
},
"card": {
"pan": "12345678XXXX1234",
"expireMonth": "07",
"expireYear": "35",
"par": "8F1B7C2QX4Z9N3V6M2R0K8YD5LJTPH",
"Issuer": "Danske Bank",
"Scheme": "Visa",
"Country": "DK",
"Segment": "consumer",
"Funding": "debit"
}
}