Notification S2S

Server-to-server (S2S) notification about the payment status (Tinaba > Merchant Server).

This method that optimizes data exchange requires a prior security configuration. To use the S2S notification, you must contact Tinaba at for the exchange of information related to communication between infrastructures.

Attribute explanation

Name of domainTypeMandatoryDescription
externalIdStringYesPayment identifier on the merchant's server, sent during the creation phase of the pending payment.
checkoutStateStringYesPayment status.
000 = is successfully completed
001 = completed with error (payment failed)
004 = is a product that has already been purchased. Used only if the paymentMode in the initCheckout is MEDIA. In this case, the user can have access to the product without having to pay for it again
005 = pre-authorized payment to be confirmed. Used only if the paymentMode in the initCheckout is PREAUTH
signatureStringYesAuthentication and data integrity signature.
userAddressuserAddressNoIf one-click mode is configured, it contains the shipping and billing information of the user who ended the payment
userAddress.nameStringYesName Tinaba User
userAddress.surnameStringYesLast name Tinaba user
userAddress.emailStringYesEmail Tinaba user
userAddress.shippingAddressshippingAddressNoShipping address
userAddress.billingAddressbillingAddressNoBilling address
shippingAddress.receiverNameStringYesFull name on address
shippingAddress.capStringYesZip Code
shippingAddress.phoneNumberStringNoPhone number
billingAddress.receiverNameStringYesBilling first and last name
billingAddress.capStringYesZip Code
billingAddress.fiscalCodeStringYesTax code

The data integrity signature, exchanged in the "signature" field, is based on a shared secret, exchanged offline, and is generated using the SHA256 protocol.

signature = base64(SHA256(<merchantid><datefrom><dateto><secret>))</secret></dateto></datefrom></merchantid>

For more information on how to generate the integrity signature, see:

Data integrity >

Attribute explanation – response

Name of domainTypeMandatoryDescription
statusStringYes000 = OK

001 = KO




200 Success


400 Error Validation


// The request body as an associative array
$requestBody = json_decode($request->body, true);

$callbackRequest = CheckoutStateCallback::parse($request->body)

$valid = $client->verifyCallback($callbackRequest);

if($valid) {
  $successResponse = new CallbackSuccessResponse();

  // Return the response as json
  $responseBody = json_encode($successResponse->toArray());

   * Send the response as JSON with $responseBody as payload.
   * The following line is for example purpose only.
  return response()->json($responseBody, 200);
}else {
  // Handle error

For the full PHP SDK visit this link

from sdk.callbacks import CheckoutStateCallback
from sdk.exceptions import ValidationError

    callback = CheckoutStateCallback.create(request.json())
    # handle callback
    # return a response with body {"status": "000"}
except ValidationError:
    # handle exception

For the full PHP SDK visit this link