
Integrating PayFort — we suffered so you don’t have to

Jawad Sadiq - Nov 28, 2018 · 4 min read

Originally published on – View the original article here.

You think you’ve got a good productive day ahead when your client asks you to integrate an online payment gateway built by Amazon.

This is what my lead iOS Dev (Tahir Pasha) told me in response to this ticket: “So I am going to create a sandbox account, integrate the SDK as mentioned in their documentation, test it, switch to production, and that’s it.”

Getting Started

    1.  Get the documentation from this link.
    2.  Get the iOS SDK from here.
    3.  From your sandbox account, copy the Merchant ID and Access Code.
    4.  From the integration settings, set your REQUESTPHRASE, which is required to create a signature.
    5.  Create the signature as shown on this link.
    6.  Get the SDK token from the SDK Token URL, as shown in section 5.3 of the documentation.
    7.  This SDK token now allows you to work with the SDK in your mobile app to process payments based on your preferred payment method.

Simple? No.


Here are the problems you will run into after you’ve done all these steps and submitted your app for review.

Server Side Authentication

Only after you submit your app for review will someone from the Payfort integration team inform you that you need to authenticate and get the SDK token on the server side, not in your mobile app. So now you need to redo steps 5 and 6 on the server side.

    •  Step 5 from above: Create the signature as shown on this link, on your server side. For this signature you will also need the user’s device ID.
    •  Step 6 from above: Expose an API from the server that accepts the device ID from the mobile app, creates a signature as mentioned above, requests the SDK token from Payfort, and then returns that token to the mobile app in its response. (P.S. Since this code has nothing to do with the rest of your back-end architecture, it’s better to create a separate microservice for it, independent of your back-end.)

Step 7 remains the same as above: once you have the SDK token in your mobile app, you can perform the remaining tasks the same as before.

Direct Transaction Feedback URL

You also need to configure the Direct Transaction Feedback URL, where Payfort will send you the response parameters after processing the transaction.

Payfort says it is required for cases where the user is never redirected to your return_url: the internet connection dropped, the user closed the browser, or there was a connection problem on your side as a merchant. In those cases Payfort will send you the response as a POST form on this URL.

The idea is good, but the only problem is that Payfort expects you to make this POST API public without any authentication. This exposes your database to several security threats. Hence you need to create another separate microservice, with its own private data store, that only handles these responses (independent of your main database) and nothing else. Even then, consolidating the information received by this API with your actual database will be another problem.


Debugging the error messages provided by Payfort is another challenge. For example:

    • error code 001: their documentation says it means “Missing Parameter”. It doesn’t specify which parameter is missing.

Moving to production

You would imagine that when Payfort shifts your account from sandbox to production, they will move all the settings for you too. But no: once you’ve solved all the above problems and your account is approved for production, you need to activate your required payment methods manually.

And then, when you once again think you are done, you may also face one last problem.


Yeah you read that right.

In one scenario, when there is an error in processing the payment at Payfort’s end or the user decides to cancel the payment while it is being processed, the Payfort API will give you a resposne instead of a response.

The key that gives you messages in all other APIs is called “response_message”, whereas in this particular API it is “resposne_message”. It took us hours to figure this one out!

You will need to handle this spelling mistake in your app as well, otherwise it will crash.
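One way to handle both the public Direct Transaction Feedback URL and the `resposne_message` key on the server, added here as an example and not taken from the original article or from Payfort’s code. It assumes the feedback POST carries a `signature` field built like the step 5 signature (phrase, alphabetically sorted name=value pairs, phrase again, SHA-256); `RESPONSE_PHRASE`, `parse_feedback`, `sign_sample` and the sample payloads are hypothetical names and constructed values.

```python
import hashlib
import hmac

# Placeholder for the SHA response phrase from the integration settings
# (assumption: the account is configured for SHA-256).
RESPONSE_PHRASE = "example-response-phrase"


def payfort_signature(params, phrase):
    """phrase + alphabetically sorted name=value pairs + phrase, SHA-256 hex."""
    body = "".join(f"{k}={params[k]}" for k in sorted(params) if k != "signature")
    return hashlib.sha256(f"{phrase}{body}{phrase}".encode("utf-8")).hexdigest()


def parse_feedback(form, phrase=RESPONSE_PHRASE):
    """Validate one feedback POST (dict of str); raise ValueError if untrusted."""
    claimed = str(form.get("signature", "")).lower().encode("utf-8")
    expected = payfort_signature(form, phrase).encode("utf-8")
    # Constant-time compare, done before anything is written to a data store.
    if not hmac.compare_digest(claimed, expected):
        raise ValueError("signature mismatch")
    # Fall back to the misspelled key described in the article.
    message = form.get("response_message", form.get("resposne_message"))
    if message is None:
        raise ValueError("no response message field")
    return {
        "merchant_reference": form.get("merchant_reference"),
        "status": form.get("status"),
        "message": message,
    }

def sign_sample(fields):
    """Build a constructed, correctly signed payload for the demo below."""
    return {**fields, "signature": payfort_signature(fields, RESPONSE_PHRASE)}

# Constructed sample payloads (not real Payfort traffic; values are made up).
SAMPLE_OK = sign_sample({"merchant_reference": "ORDER-1001", "status": "14",
                         "response_message": "Success"})
SAMPLE_TYPO = sign_sample({"merchant_reference": "ORDER-1002", "status": "00",
                           "resposne_message": "Cancelled"})
# Tampered copy: the reference was changed after signing.
SAMPLE_FORGED = {**SAMPLE_OK, "merchant_reference": "ORDER-9999"}

if __name__ == "__main__":
    for name, sample in [("ok", SAMPLE_OK), ("typo", SAMPLE_TYPO), ("forged", SAMPLE_FORGED)]:
        try:
            print(name, parse_feedback(sample))
        except ValueError as err:
            print(name, "rejected:", err)
```

Treat a `ValueError` as a rejected request: log it and store nothing, and reconcile your main database only from payloads that passed the check.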

Now you are done 🙂

Also, I must say in the end that once it is set up, Payfort is an exceptional service, working really well and way better than our last payment processor.

Co-written with Tahir Pasha


Update 10th Jan 2019
So Payfort is acknowledging that it will fix resposne message by 21 Jan 2019:

Written by Jawad Sadiq

Versatile tech professional exploring 4th wave industry disruption. Blockchain, Cloud, & Ruby Aficionado. Founder at Devenings. Twitter: @jay_codez