OnlinePay API

Chargeback Notify WebHook API

Testing Env
https://testpay.onlinepay.ai
POST /notify/v2/chargeback
NOTE: If the notifyurl parameter is passed, OnlinePay will send the payment result notification to that address.

Overview

When a chargeback occurs for an order, the system will send a chargeback notification to the merchant's configured notification URL. Merchants need to implement receiving and verification logic according to this document.

Notification Method

Request Method: POST
Data Format: application/json; charset=UTF-8
Character Encoding: UTF-8

Notification URL Configuration

The system will obtain notification URLs according to the following priority:
1. Priority 1: The protest_notify_url uploaded by the merchant during payment
2. Priority 2: The Chargeback Notification URL configured in the merchant backend developer center
If neither URL is configured, no notification will be sent.

What You Receive

POST your protest_notify_url
Content-Type: application/json

{
  "encryptedData": "U2FsdGVkX1+ghi789...=",
  "encryptedKey": "aZLW7pFrNgc+kJxsT2...=",
  "signType": "RSA256"
}

Step 1: Decrypt

// 1. RSA decrypt encryptedKey with OnlinePay Public Key → get AES key
// 2. AES decrypt encryptedData with AES key → get plaintext JSON below

Step 2: Decrypted Fields

| Parameter | Type | Required | Description |
|---|---|---|---|
| tradeNo | String | Yes | Platform transaction order number |
| merOrderNo | String | Yes | Merchant order number |
| code | String | Yes | Notification type code, fixed value 11 |
| message | String | Yes | Notification message |
| reason | String | No | Chargeback reason description |
| currency | String | Yes | Chargeback amount currency |
| amount | String | Yes | Chargeback amount |
| chargebackFee | String | Yes | Chargeback fee |
| chargebackCurrency | String | Yes | Chargeback currency |
| signType | String | Yes | MD5 or RSA256 |
| sign | String | Yes | Signature value for verifying notification authenticity |

Decrypted JSON Example

{
  "tradeNo": "T202309011234567890",
  "merOrderNo": "MER20230901001",
  "code": "11",
  "message": "chargeback",
  "reason": "Unauthorized transaction",
  "currency": "USD",
  "amount": "100.00",
  "chargebackFee": "15.00",
  "chargebackCurrency": "USD",
  "signType": "RSA256",
  "sign": "d4e5f6g7h8..."
}

Step 3: Verify Signature

1. Sort all fields by key (exclude sign and signType; skip null/empty values)
2. Join as key1=value1&key2=value2
3. Verify by signType:
   MD5: MD5(signString + md5Key).toUpperCase() == sign
   RSA256: RSA-SHA256-Verify(signString, sign, OnlinePay_PublicKey)

Example

Fields: tradeNo, merOrderNo, code, message, reason, currency, amount, chargebackFee, chargebackCurrency
Sign string: amount=100.00&chargebackCurrency=USD&chargebackFee=15.00&code=11&currency=USD&merOrderNo=MER20230901001&message=chargeback&reason=Unauthorized transaction&tradeNo=T202309011234567890

Step 4: Respond

Return HTTP 200 to acknowledge receipt. If any other status code is returned, the system will consider the notification failed.
HTTP/1.1 200 OK
Content-Type: text/plain

success

Security Recommendations

1. Must verify signature: Always verify the sign parameter after receiving a notification to ensure its authenticity.
2. Idempotency handling: The same chargeback may be notified multiple times, so merchants need to handle notifications idempotently.
3. Timely response: Responding within 5 seconds is recommended to avoid timeout retries.
4. Log recording: Logging all received notifications and processing results is recommended for troubleshooting.
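
The Step 3 procedure and the idempotency recommendation above, shown as an added Python example (not OnlinePay's own code). It covers the MD5 branch only; the MD5 key, the UTF-8 encoding of the sign string, the use of tradeNo as the dedup key, and all function and class names are assumptions.

```python
import hashlib
import hmac

def build_sign_string(fields):
    """Steps 1-2: sort by key, drop sign/signType and null/empty values, join as k=v&k=v."""
    kept = {k: str(v) for k, v in fields.items()
            if k not in ("sign", "signType") and v is not None and v != ""}
    return "&".join(f"{k}={kept[k]}" for k in sorted(kept))

def md5_sign(fields, md5_key):
    """MD5 branch of step 3: MD5(signString + md5Key) as upper-case hex (UTF-8 assumed)."""
    data = (build_sign_string(fields) + md5_key).encode("utf-8")
    return hashlib.md5(data).hexdigest().upper()

def verify_md5(fields, md5_key):
    supplied = str(fields.get("sign") or "")
    # Constant-time comparison: do not reveal how much of the signature matched.
    return hmac.compare_digest(md5_sign(fields, md5_key).encode(), supplied.encode())

class ChargebackReceiver:
    """Verifies a decrypted notification, then applies it at most once."""
    def __init__(self, md5_key):
        self.md5_key = md5_key
        self.seen = set()  # assumption: in production, a durable store with a unique key

    def handle(self, fields):
        # This sketch accepts only the MD5 branch; RSA256 needs a crypto library.
        if fields.get("signType") != "MD5" or not verify_md5(fields, self.md5_key):
            return "rejected"
        if fields.get("code") != "11" or not fields.get("tradeNo"):
            return "rejected"
        if fields["tradeNo"] in self.seen:  # assumption: tradeNo is the dedup key
            return "duplicate"  # still answer HTTP 200 so retries stop
        self.seen.add(fields["tradeNo"])
        return "processed"

# Constructed sample: the page's example fields, signed with a made-up MD5 key.
MD5_KEY = "constructed-md5-key"
SAMPLE = {"tradeNo": "T202309011234567890", "merOrderNo": "MER20230901001", "code": "11",
          "message": "chargeback", "reason": "Unauthorized transaction", "currency": "USD",
          "amount": "100.00", "chargebackFee": "15.00", "chargebackCurrency": "USD",
          "signType": "MD5"}
SAMPLE["sign"] = md5_sign(SAMPLE, MD5_KEY)
```

Only a "processed" result should trigger business logic; "duplicate" is acknowledged without reapplying the chargeback, and "rejected" should be logged with the raw notification for investigation.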

Request

Body Params: application/json (Required)

Example
{
    "encryptedData": "U2FsdGVkX1+ghi789...=",
    "encryptedKey": "aZLW7pFrNgc+kJxsT2...=",
    "signType": "RSA256"
}

Request Code Samples

curl --location 'https://testpay.onlinepay.ai/notify/v2/chargeback' \
--header 'Content-Type: application/json' \
--data '{
    "encryptedData": "U2FsdGVkX1+ghi789...=",
    "encryptedKey": "aZLW7pFrNgc+kJxsT2...=",
    "signType": "RSA256"
}'

Responses

200
Return HTTP 200 to acknowledge receipt
This response does not have a body.
Modified at 2026-05-20 02:29:55