Redirect URLs return users back to your application after they interact with the Trustly UI. When a user completes or cancels a workflow, the SDK redirects them to your specified returnUrl or cancelUrl respectively. These URLs capture critical transaction data through query parameters, which you can use to verify status, call Trustly APIs, or guide the user to the next step.
Receiving the redirect
Trustly returns the user to your application using a GET request, appending several fields to the URL. You can parse this data in your backend to handle the transition.
Preventing Tampered Redirects
To ensure the redirect is secure and authentic:
- Verify that the merchantReference on the return URL matches the unique value you sent in the Establish Data Object for this session.
- Validate the request by verifying the Redirect Signature in your backend before processing any data.
- Alternatively, call the Get Transaction API to confirm that the API response values match the parameters received in the redirect URL.
Example cancel URL
https://merchant.com/trustly.com/cancel?transactionId=1002632909&transactionType=1&merchantReference=123123&status=7&payment.paymentType=2&panel=1&payment.paymentProviderTransaction.status=UC01&requestSignature=tp%2B%2B%2BI5nM%2BSeOT8TQKLGvfaEGcs%3D
Example return URL
https://merchant.com/trustly.com/return?transactionId=1002633191&transactionType=1&merchantReference=123123&status=2&payment.paymentType=2&payment.paymentProvider.type=1&payment.account.verified=false&panel=1&requestSignature=b7yr%2F3qOupPa1B7VeI32PhGQ7C8%3D
Process the return URL
Upon receiving a successful redirect to your returnUrl, you should associate the account on file with the provided transactionId.
If you are using the Split Token flow, you must also verify the corresponding incoming Authorize webhook event associated with this transactionId and store the splitToken provided in that event alongside the account details.
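The checks from Preventing Tampered Redirects applied to the example return URL above, as an added example rather than Trustly's own code. It covers the merchantReference match and the Get Transaction cross-check; signature verification is left to Verifying the Redirect Request. Assumptions: the function and exception names are hypothetical, and api_transaction is a flat dict of fields you have already extracted from the Get Transaction response.

```python
from urllib.parse import urlsplit, parse_qsl

# Example return URL from this page.
RETURN_URL = (
    "https://merchant.com/trustly.com/return?transactionId=1002633191"
    "&transactionType=1&merchantReference=123123&status=2"
    "&payment.paymentType=2&payment.paymentProvider.type=1"
    "&payment.account.verified=false&panel=1"
    "&requestSignature=b7yr%2F3qOupPa1B7VeI32PhGQ7C8%3D"
)
REQUIRED = ("transactionId", "merchantReference", "status", "requestSignature")
# Fields compared against the Get Transaction result (choice is an assumption).
CROSS_CHECKED = ("transactionId", "transactionType", "merchantReference", "status")


class RedirectRejected(Exception):
    """Raised when a redirect fails any check (hypothetical name)."""


def parse_redirect(url):
    """Return the query parameters, refusing duplicates and missing fields."""
    params = {}
    for key, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        if key in params:  # a repeated key could make two parsers disagree
            raise RedirectRejected(f"duplicate parameter: {key}")
        params[key] = value
    missing = [name for name in REQUIRED if not params.get(name)]
    if missing:
        raise RedirectRejected(f"missing parameters: {missing}")
    return params


def check_redirect(url, session_reference, api_transaction):
    """Apply the merchantReference and Get Transaction checks to a redirect."""
    params = parse_redirect(url)
    if params["merchantReference"] != session_reference:
        raise RedirectRejected("merchantReference does not match this session")
    for field in CROSS_CHECKED:
        # API values may be integers; URL values are always strings.
        if field not in api_transaction or str(api_transaction[field]) != params.get(field):
            raise RedirectRejected(f"{field} differs from the Get Transaction response")
    return params


if __name__ == "__main__":
    # Constructed stand-in for fields taken from a Get Transaction response.
    tx = {"transactionId": "1002633191", "transactionType": 1,
          "merchantReference": "123123", "status": 2}
    print(check_redirect(RETURN_URL, "123123", tx)["transactionId"])
```

Only act on the returned parameters after the signature has also been verified in your backend.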
Parameters
The following table outlines the parameters appended to the redirect URL and provides their definitions.
| Parameter | Definition |
|---|---|
| transactionId | A unique Trustly transaction identifier. (15 characters) |
| transactionType | See Transaction Types for a complete list of values and their definitions. |
| merchantReference | A specific merchant reference for this cancellation. For example, this could be your order number or session id. |
| status | See Transaction Status Values for a complete list of values and their definitions. |
| payment.paymentType | See Payment Types for a complete list of values and their definitions. |
| payment.paymentProvider.type | See Payment Provider Types |
| payment.account.verified | Boolean status indicating if the bank account was verified during the flow. |
| panel | Integer value representing the Trustly screen the user exited the flow on. Refer to Panel Values for a complete list of values and their definitions. |
| payment.paymentProviderTransaction.status | Integer value representing the Payment Provider Transaction Status of the transaction. Refer to Payment Provider Transaction Status for a complete list of values and their definitions. |
| requestSignature | This is a signature that you can calculate to ensure the request you receive is coming from Trustly. See Verifying the Redirect Request for more information. |