Verify Redirect Response

Overview

The VerifyRedirectResponse RPC validates the authenticity of payment responses received from redirect-based authentication flows. This includes 3D Secure (3DS) redirects, bank authentication pages, and wallet payment callbacks. It ensures the response genuinely came from the payment provider and hasn't been tampered with during transit.

Business Use Case: When a customer completes a 3DS challenge or bank redirect and is redirected back to your application, you need to verify that the response is legitimate. This prevents fraudsters from spoofing successful payment notifications and ensures you only fulfill orders for genuine successful payments.

Purpose

Why use VerifyRedirectResponse?

Scenario

Developer Implementation

3DS completion

Customer returns from 3DS challenge - call VerifyRedirectResponse to validate the authentication result

Bank redirect

Customer returns from bank authentication page - call VerifyRedirectResponse to confirm payment success

Wallet payment

Customer completes Apple Pay or Google Pay - call VerifyRedirectResponse to verify the token

Fraud prevention

Suspicious redirect parameters detected - call VerifyRedirectResponse to validate before fulfilling order

Tampering detection

URL parameters appear modified - call VerifyRedirectResponse to verify integrity

Key outcomes:

Confirms redirect response authenticity
Prevents fraudulent payment notifications
Extracts verified transaction details
Determines final payment status
Enables safe order fulfillment

Request Fields

Field

Type

Required

Description

merchant_order_id

string

Yes

Your unique order identifier for this verification

request_details

RequestDetails

Yes

Details of the redirect request including headers, body, and query parameters

redirect_response_secrets

RedirectResponseSecrets

Secrets for validating the redirect response

Response Fields

Field

Type

Description

source_verified

bool

Whether the redirect source is verified as authentic

connector_transaction_id

string

Connector's transaction ID if verification successful

response_amount

Money

Amount from the verified response

merchant_order_id

string

Your order reference (echoed back)

status

PaymentStatus

Current status of the payment after verification

error

ErrorInfo

Error details if verification failed

raw_connector_response

SecretString

Raw API response from connector for debugging

Example

Request (grpcurl)

grpcurl -H "x-connector: stripe" \
  -H "x-connector-auth: {\"Stripe\":{\"api_key\":\"$STRIPE_API_KEY\"}}" \
  -d '{
    "merchant_order_id": "order_001",
    "request_details": {
      "headers": [
        {"key": "Content-Type", "value": "application/x-www-form-urlencoded"}
      ],
      "query_params": [
        {"key": "payment_intent", "value": "pi_3Oxxx..."},
        {"key": "payment_intent_client_secret", "value": "pi_3Oxxx..._secret_xxx"}
      ],
      "body": ""
    }
  }' \
  localhost:8080 \
  types.PaymentService/VerifyRedirectResponse

Response

{
  "source_verified": true,
  "connector_transaction_id": "pi_3Oxxx...",
  "response_amount": {
    "minor_amount": 1000,
    "currency": "USD"
  },
  "merchant_order_id": "order_001",
  "status": "AUTHORIZED"
}

Next Steps

Authorize - Initiate a payment that may require redirect authentication
Capture - Finalize the payment after successful verification
Get - Check payment status after verification
PaymentMethodAuthenticationService - Pre-authenticate before authorization

Last updated 23 minutes ago

Was this helpful?

hashtagOverview

hashtagPurpose

hashtagRequest Fields

hashtagResponse Fields

hashtagExample

hashtagRequest (grpcurl)

hashtagResponse

hashtagNext Steps

Overview

Purpose

Request Fields

Response Fields

Example

Request (grpcurl)

Response

Next Steps