# Verifying a Payment

All successful paysly responses contain a signed JWT (JSON Web Token), which you can use to verify payments. If you are unfamiliar with JWTs, check out jwt.io for an overview.

All tokens described below are signed using RS256. Auth0 has a great blog covering RS256 signature verification to help you get started decoding them. Paysly's public key is:

```
-----BEGIN PUBLIC KEY-----
MIGeMA0GCSqGSIb3DQEBAQUAA4GMADCBiAKBgHOIiQX8653lyXXiT08tzDvKx7q+
uFO2hD7oumpnGwZkhgQPLAHUAe656Mq4pVm+Td6l9X6vcuezn7C0DAxFah9ap45U
ELayh5ZCQbR6EQbm5NulJpN9G/eS7YihXWmA62onWR5nK2joWkXWM8Z/28Q+Okdn
PfEqYjvOLoa5+HOTAgMBAAE=
-----END PUBLIC KEY-----
```

This can also be retrieved by importing the paysly npm module's publicKey function:

```js
import { publicKey } from 'paysly';
const payslyPublicKey = await publicKey();
```

# Checkout

When you created a checkout session, you supplied a success_url to the redirectToCheckout function:

```js
paysly.redirectToCheckout({
  // ...
  success_url: 'https://example.com/success',
});
```

Upon payment completion, users will be redirected to the specified page. In order to verify a payment on your success page...

Initialize the paysly package:

```js
const Paysly = require('paysly');
// replace 'pk_test_yourPublicKey-I3gcWtGXPuyWFRk2YD5' with your public key
// from the paysly dashboard
// (run this inside an async function: CommonJS has no top-level await)
const paysly = await Paysly('pk_test_yourPublicKey-I3gcWtGXPuyWFRk2YD5');
```

Then, fetch a securely signed token from paysly:

```js
paysly.validateCheckout().then((result) => {
  // handle result
  sendTokenToYourServerForVerification(result.token);
});
```

The returned result is a Stripe payment intent object, with a signed version of this object in result.token. To verify the payment, you will want to supply this token to a secure environment (typically a web server), then decode it and ensure it contains the data you expect. This can be done with one of the numerous JWT libraries.

At a minimum, you will want to verify that the status is succeeded and the amount received is the amount you expect.
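
A minimal server-side version of this check, as an added example (not paysly's own code) that uses only Node's built-in crypto module. It assumes the payment intent fields `status` and `amount_received` sit at the top level of the JWT payload; `verifyCheckoutToken` and `demo` are hypothetical names, and the demo signs with a throwaway key pair standing in for paysly's signing key.

```javascript
// Added example: server-side check of a checkout token (RS256 JWT).
// Assumption: status and amount_received are top-level payload fields.
const crypto = require('crypto');

function verifyCheckoutToken(token, publicKeyPem, expected) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [headerB64, payloadB64, sigB64] = parts;

  // Pin the algorithm: never let the token choose it (rejects "none", HS256).
  const header = JSON.parse(Buffer.from(headerB64, 'base64url').toString('utf8'));
  if (header.alg !== 'RS256') throw new Error('unexpected alg');

  // RS256 = RSASSA-PKCS1-v1_5 with SHA-256 over "<header>.<payload>".
  const ok = crypto.verify(
    'RSA-SHA256',
    Buffer.from(`${headerB64}.${payloadB64}`),
    publicKeyPem,
    Buffer.from(sigB64, 'base64url')
  );
  if (!ok) throw new Error('bad signature');

  // Only read the payload after the signature has been verified.
  const intent = JSON.parse(Buffer.from(payloadB64, 'base64url').toString('utf8'));
  if (intent.status !== 'succeeded') throw new Error('payment not succeeded');
  if (intent.amount_received !== expected.amount) throw new Error('amount mismatch');
  return intent;
}

// Constructed demo helper: generates a throwaway RSA key pair and a signer,
// so the verifier can be exercised offline. In production, pass paysly's
// public key (PEM) as publicKeyPem instead.
function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const pem = publicKey.export({ type: 'spki', format: 'pem' });
  const b64 = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
  const sign = (header, payload) => {
    const input = `${b64(header)}.${b64(payload)}`;
    const sig = crypto.sign('RSA-SHA256', Buffer.from(input), privateKey);
    return `${input}.${sig.toString('base64url')}`;
  };
  return { pem, sign };
}
```

The expected amount must come from your own order record on the server, not from anything the browser sends alongside the token.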

# Elements

After a charge is successfully created using paysly.createCharge, its promise will be resolved with a Stripe charge object. A signed version of this object will also be in the returned result's token property:

```js
paysly.createCharge(
  // ...
).then((result) => {
  // handle result
  sendTokenToYourServerForVerification(result.token);
});
```

To verify the payment, you will want to supply this token to a secure environment (typically a web server), then decode it and ensure it contains the data you expect. This can be done with one of the numerous JWT libraries.

When validating the result, the contained paid attribute is the simplest way to check if the charge succeeded. You can also verify that amount is the value that you expect.