This section explains how to handle the Redirect message returned by PayGate when a customer must be redirected to complete a payment.
What is Returned in the Redirect Message?
The Redirect message includes:
-
A dynamic URL
-
A set of KeyValuePairs that must be POSTed to that URL
Typical data includes:
-
PAYGATE_ID -
PAY_REQUEST_ID -
TRANSACTION_ID -
CHECKSUM
Important: The redirect data is dynamic. Always iterate through eachKeyValuePairinstead of hardcoding field names.
Redirect Methods
There are two implementation options:
1. Standard Redirect (Form POST)
Post the redirect fields to the PayGate endpoint using a form submission:
<form action="https://secure.paygate.co.za/payhost/redirect.trans" name="frmSubmit" id="frmSubmit" method="post">
<input type="hidden" name="PAYGATE_ID" value="10011072130" />
<input type="hidden" name="PAY_REQUEST_ID" value="7B44FC55-CA90-1922-B32D-00DD010772DB" />
<input type="hidden" name="CHECKSUM" value="5670e03e6c66ac4f7dac32f553a7f9c2" />
</form>
<script>document.forms["frmSubmit"].submit();</script>2. Redirect Inside an IFRAME
Same as above, but the form's target must match the IFRAME’s id.
<form action="https://secure.paygate.co.za/payhost/redirect.trans" method="post" target="iframeID">
<!-- Hidden inputs as above -->
</form>
<iframe id="iframeID"></iframe>
GET requests will not work — you must use POST for all redirections.
Example Values Returned
| Field | Description |
|---|---|
URL | Redirect endpoint |
PAYGATE_ID | Merchant ID |
PAY_REQUEST_ID | Transaction ID |
CHECKSUM | MD5 hash for verification |
Checksum Calculation (Outbound)
Use this format to generate a checksum:
$encryptionKey = 'test';
$data = array(
'PAYGATE_ID' => 10011072130,
'PAY_REQUEST_ID' => '7B44FC55-CA90-1922-B32D-00DD010772DB',
'REFERENCE' => 'Customer1'
);
$checksum = md5(implode('', $data) . $encryptionKey);
// Output: 5670e03e6c66ac4f7dac32f553a7f9c2
Always recalculate and validate the checksum before sending or accepting a redirect.
Redirect Back to Merchant
After authentication or payment, the customer is redirected back to your site via the ReturnUrl you supplied.
Redirect Payload
Standard HTTP POST with hidden form fields:
PAY_REQUEST_ID=7B44FC55-...&TRANSACTION_STATUS=1&CHECKSUM=d88fa44173...| Field | Description |
|---|---|
PAY_REQUEST_ID | Unique reference used earlier |
TRANSACTION_STATUS | Final transaction result (e.g. 1 = Approved) |
CHECKSUM | MD5 hash (see below) |
Checksum Calculation (Inbound)
$encryptionKey = 'test';
$data = array(
'PAYGATE_ID' => 10011072130,
'PAY_REQUEST_ID' => '7B44FC55-...',
'TRANSACTION_STATUS' => 1,
'REFERENCE' => 'Customer1'
);
$checksum = md5(implode('', $data) . $encryptionKey);
// Output: 802d69d20233e59406cca749e79d7421Concatenate:
PAYGATE_ID + PAY_REQUEST_ID + TRANSACTION_STATUS + REFERENCE + KEYExample:
100110721307B44FC55-...1Customer1test