Confirming payments
It’s critical to always confirm payment status on your backend—never trust the browser redirect or client confirmation screens alone.
Hubpay supports multiple ways to reliably confirm that a payment has completed.
Following these best practices helps protect you (and your customers) from spoofed, interrupted, or abandoned payment attempts.
Why is backend confirmation important?
- Security:
Redirect URLs or client-side messages can be manipulated or intercepted. - Reliability:
Network interruptions or user actions might prevent proper redirect or message delivery. - Regulatory compliance:
Proper confirmation helps ensure your records are accurate and auditable.
Best practices for confirming payment
Always use at least one of the following methods:
1. Webhooks (recommended)
Set up webhooks to receive real-time notifications from Hubpay when a payment is completed, cancelled, or otherwise updated.
- Payments are only confirmed when you receive a webhook event (e.g.
payment_request.paidorpayment_request.part_paid). - Webhooks are reliable, retry on failure, and allow fully automated workflows.
2. API lookup
Poll the Hubpay API to retrieve the latest payment status for a given payment request or link.
- After a redirect or client notification, fetch the status from the API before provisioning goods or services.
- This is useful as a fallback if you’re unable to receive webhooks.
Examples:
What not to do
- Do not rely solely on query parameters or success screens in the browser.
- Do not trigger order fulfillment or service delivery based on client-side messages.
Recommended flow
- Customer completes payment.
- Wait for the webhook or query the API to confirm payment is successful.
- Only then, update order status, release goods, or trigger next steps.