When a customer chooses your provider, Tringify sends a signed request to your charge endpoint. Create or retrieve the matching provider payment, then return exactly one approved browser handoff. Cards, bank transfers, wallets, and other payment choices remain inside the provider experience.
Verify and deduplicate the request#
Verify the signature against the exact request body before parsing it. Use session_id as the idempotency key. If the same session is sent again with the same store, order, amount, currency, and return URLs, return the original provider session instead of creating another charge. Reject the request if any of those values differ.
{
"session_id": "session_…",
"protocol_version": "1",
"declaration_revision_id": "revision_…",
"store_id": "store_…",
"market_id": "market_…",
"store_name": "Acme Goods",
"order_id": "order_…",
"order_number": "1042",
"amount": "1499.00",
"currency_code": "INR",
"customer_email": "buyer@example.com",
"return_url": "https://shop.example/checkout/return",
"cancel_url": "https://shop.example/checkout/payment",
"expires_at": "2026-07-13T12:30:00Z"
}
Choose one browser handoff#
Return a public HTTPS launch_url when the payment provider gives you a hosted checkout URL. Tringify opens the gateway URL directly; do not add an app-owned intermediary page.
When Tringify documents a reviewed browser adapter for your provider, return browser_action instead. The handler name selects that adapter, complete_url receives the provider result for server verification, and payload contains only the public per-session values the adapter requires. Never include credentials, executable code, or a script URL.
{
"success": true,
"browser_action": {
"handler": "razorpay_standard_checkout",
"complete_url": "https://payments.example.com/session/session_…/complete",
"payload": {
"key": "public_key_…",
"order_id": "provider_order_…",
"amount": 149900,
"currency": "INR"
}
},
"provider_session_id": "provider_session_…"
}