-
Getting Started
-
Domains
- Authentication & Headers
- Get Domain Pricing
- Search Domain Availability
- List Domains
- Register Domain
- Transfer Domain
- Get Registrar Domain Info
- Change Nameservers
- Registrar Lock (Enable/Disable)
- Whois Privacy (Toggle)
- Dns Management (Get/Set)
- Get Epp/Authorization Code
- Renew Domain
- Restore Expired Domain
- Get Local Domain Details
- Register Custom Nameserver (Glue Record)
- List Contact Profiles
- Create Contact Profile
- Update Contact Profile
- Assign Contacts To Domain
-
SMM | Lab (SEO)
-
Hosted Payments
-
Crypto Payments
-
Messaging
-
WhatsApp API
-
Email API
-
IPTV
IPN Validation
IPN VALIDATION (ALL INITIATED PAYMENTS & CHARGES)
This section applies to all successful payments or charges initiated through the UMVA platform that send a callback to your server, including:
- Server API Fiat charges (
/initiate-fiat). - Server API Crypto charges (
/initiate-crypto). - Hosted web checkout (
POST /payment/initiatewithipn_url). - Any other internal flows that ultimately send an IPN to your configured
ipn_url.
Signature Algorithm (All IPNs): UMVA signs every IPN using HMAC-SHA256:
signature = HMAC-SHA256(amount + identifier, merchant_secret_api_key)
You must recompute this signature on your server using the amount and identifier in the IPN payload and your Secret API Key, then compare it to the provided signature field.
Generic IPN Payload Structure:
{
"status": "success",
"identifier": "YOUR-ORDER-ID",
"signature": "HMAC-SHA256(amount + identifier, secret_api_key)",
"data": {
"payment_trx": "UMV-TRX-XXXXXX",
"amount": 100.50,
"net_amount": 98.00,
"charge": 2.50,
"payment_type": "api" | "api_crypto" | "hosted",
"currency": "USD"
}
}
Recommended IPN Validation Steps (Server-Side):
- Read the raw JSON body from the IPN request.
- Extract
status,identifier,signatureand thedataobject (includingamount,currency,payment_type,payment_trx). - Recompute
expected_signature = HMAC-SHA256(amount + identifier, your_secret_api_key). - Compare
expected_signatureto thesignaturefield from the IPN (constant‑time comparison where possible). - Verify that
statusis"success", thatamount,currency, andidentifiermatch what you expect for this order in your database, and thatpayment_typeis one of the expected values for this flow (api,api_crypto,hosted). - Ensure idempotency: if this
payment_trxoridentifierhas already been processed as paid, do not credit it again. - Only after all checks pass, mark the order as paid in your system and return HTTP 200 from your IPN endpoint.