Payland API v2
    • API Response Codes and Messages
    • Credit Card Info & Test Cards
    • Withdraw Info
    • Deposit
      • Create Deposit (Bank Transfer)
        POST
      • Create Deposit (Credit Card)
        POST
      • Create Deposit (Crypto)
        POST
      • Check Deposit Status
        GET
    • Withdraw
      • Create Withdraw (Bank Transfer)
        POST
      • Check Withdrawal Status
        GET
    • Callback
      • Callback Request
        POST

    Callback

    Callback Signature Verification#

    Each callback request includes a parameter named sign.
    This value is used to verify that the request was generated by our system
    and that the payload has not been modified.

    How the Signature is Generated#

    • The sign field is removed from the payload (if present).
    • The remaining data is converted directly into a query string format (e.g., key=value&key2=value2).
    • An HMAC-SHA256 hash is generated using this query string and your secretKey.
    • The resulting lowercase hexadecimal hash is sent as the sign value.

    How to Verify#

    1. Get the sign value from the callback request.
    2. Remove the sign field from the received data.
    3. Generate the HMAC-SHA256 hash using the same data and your secretKey.
    4. Compare your generated hash with the received sign.
    5. If both values match, the callback is valid.
    Important: The data must be processed in the exact same order as it is received.
    Do not reorder or sort the parameters.
    Example PHP code
    Modified at 2026-02-09 20:56:01
    Previous
    Check Withdrawal Status
    Next
    Callback Request
    Built with