Step 4: Process Ozow response

Ozow will send the following posts back to the merchant:

  • Notification response

Notification response

We will post the response variables to the designated notification URL. If the notification URL (NotifyUrl) was neither sent in the post variables nor set for the merchant site in the merchant admin site, we will not be able to send the notification post containing the response variables.

Use the hash response variable to verify the validity of the response. This process is further described in the response hash check section below.


Please note:

While we do our utmost to ensure that duplicate notifications are not sent to the notification URL, there may be instances where multiple notifications are sent for the same transaction. It is therefore of the utmost importance that your system is built to cater for this scenario, i.e. if you receive multiple notifications for the same payout, your client/payer is not credited multiple times for the payout.

Response variables

  1. PayoutId [Guid]: Ozow's unique reference for the payout.
  2. SiteCode [String (50)]: Unique code assigned to each merchant site.
  3. MerchantReference [String (20)]: Merchant's payout reference.
  4. CustomerMerchantReference [String (20)]: The reference that will be prepopulated in the "their reference" field in the customer's online banking site. This will be the payout reference that appears on the merchant's bank statement and can be used for recon purposes.
  5. PayoutStatus [Object]: Payout status. Refer to PayoutStatus table.
  6. HashCheck [String (250)]: SHA512 hash used to ensure that certain fields in the message have not been altered after the hash was generated. Check the generate hash section below for more details on how to generate the hash.

Response hash check

Follow these steps to validate the response:

  1. Concatenate the response variables (excluding hash) in the order they appear in the response variables table.
  2. Append your API key to the concatenated string.
  3. Convert the concatenated string to lowercase.
  4. Generate a SHA512 hash of the lowercase concatenated string.
  5. Compare the generated hash to the hash value in the response variables.

Notification Hash Calculation

// C#
using System;
using System.Security.Cryptography;
using System.Text;

void GeneratePayoutNotificationHash()
{
    var PayoutId = "00000000-0000-0000-0000-000000000000";
    var siteCode = "[YOUR SITE CODE]";
    var merchantReference = "123";
    var customerMerchantReference = "123";
    var payoutStatus = 1;
    var payoutSubStatus = 201;
    var apiKey = "[YOUR API KEY]";

    // Response variables in order, followed by the API key.
    var inputString = string.Concat(PayoutId, siteCode, merchantReference,
        customerMerchantReference, payoutStatus, payoutSubStatus, apiKey);

    var calculatedHashResult = GenerateRequestHashCheck(inputString);
    Console.WriteLine($"NotificationHashcheck: {calculatedHashResult}");
}

string GenerateRequestHashCheck(string inputString)
{
    // The concatenated string is lowercased before hashing.
    var stringToHash = inputString.ToLower();
    // Debug output only: this string contains the API key.
    Console.WriteLine($"Before Hashcheck: {stringToHash}");

    return GetSha512Hash(stringToHash);
}

string GetSha512Hash(string stringToHash)
{
    using SHA512 alg = SHA512.Create();
    var bytes = alg.ComputeHash(Encoding.UTF8.GetBytes(stringToHash));

    // Hex-encode the digest, two lowercase digits per byte.
    var sb = new StringBuilder();
    foreach (var b in bytes)
    {
        var hex = b.ToString("x2");
        sb.Append(hex);
    }

    return sb.ToString();
}

<?php
function GeneratePayoutNotificationHash()
{
    $PayoutId = "00000000-0000-0000-0000-000000000000";
    $siteCode = "[YOUR SITE CODE]";
    $merchantReference = "123";
    $customerMerchantReference = "123";
    $payoutStatus = 1;
    $payoutSubStatus = 201;
    $apiKey = "[YOUR API KEY]";

    // Response variables in order, followed by the API key.
    $inputString = $PayoutId.$siteCode.$merchantReference.$customerMerchantReference.$payoutStatus.$payoutSubStatus.$apiKey;

    $calculatedHashResult = GenerateRequestHashCheck($inputString);
    echo "NotificationHashcheck: ".$calculatedHashResult;
}

function GenerateRequestHashCheck($inputString)
{
    // The concatenated string is lowercased before hashing.
    $stringToHash = strtolower($inputString);
    // Debug output only: this string contains the API key.
    echo "Before Hashcheck: ".$stringToHash;

    return GetSha512Hash($stringToHash);
}

function GetSha512Hash($stringToHash)
{
    // Without the raw-output flag, hash() returns the digest as lowercase hex.
    return hash("sha512", $stringToHash);
}


// JavaScript (uses the jsSHA library)
function GeneratePayoutVerificationRequestHash() {
    var PayoutId = "00000000-0000-0000-0000-000000000000";
    var siteCode = "[YOUR SITE CODE]";
    var MerchantReference = "123";
    var CustomerBankReference = "ABC123";
    var PayoutStatus = 1;
    var PayoutSubStatus = 201;
    var apiKey = "[YOUR API KEY]";

    // Response variables in order, followed by the API key.
    var inputString = PayoutId + siteCode + MerchantReference + CustomerBankReference + PayoutStatus + PayoutSubStatus + apiKey;

    var calculatedHashResult = GenerateRequestHashCheck(inputString);
    console.log("Hashcheck: " + calculatedHashResult);
}

function GenerateRequestHashCheck(inputString) {
    // The concatenated string is lowercased before hashing.
    var stringToHash = inputString.toLowerCase();
    // Debug output only: this string contains the API key.
    console.log("Before Hashcheck: " + stringToHash);

    return GetSha512Hash(stringToHash);
}

function GetSha512Hash(stringToHash) {
    var sha512 = new jsSHA("SHA-512", "TEXT");
    // Feed the input to the hash object before reading the digest.
    sha512.update(stringToHash);
    var hash = sha512.getHash("HEX");

    return hash;
}

# Python
import hashlib


def GeneratePayoutNotificationHash():
    PayoutId = "00000000-0000-0000-0000-000000000000"
    siteCode = "[YOUR SITE CODE]"
    MerchantReference = "123"
    CustomerBankReference = "ABC123"
    payoutStatus = 1
    payoutSubStatus = 201
    apiKey = "[YOUR API KEY]"

    # Response variables in order, followed by the API key (seven values).
    inputString = "{}{}{}{}{}{}{}".format(PayoutId, siteCode, MerchantReference, CustomerBankReference, payoutStatus, payoutSubStatus, apiKey)

    calculatedHashResult = GenerateRequestHashCheck(inputString)
    print("Hashcheck: {}".format(calculatedHashResult))


def GenerateRequestHashCheck(inputString):
    # The concatenated string is lowercased before hashing.
    stringToHash = inputString.lower()
    # Debug output only: this string contains the API key.
    print("Before Hashcheck: {}".format(stringToHash))

    return GetSha512Hash(stringToHash)


def GetSha512Hash(stringToHash):
    sha512 = hashlib.sha512()
    # Feed the UTF-8 bytes of the input to the hash object before reading the digest.
    sha512.update(stringToHash.encode("utf-8"))
    return sha512.hexdigest()
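
The samples above only generate the hash. The following added example (not Ozow's code) shows the receiving side: it performs the response hash check with a constant-time comparison and ignores repeated notifications for the same payout. It assumes the POST body is already parsed into a dict, that the PayoutStatus object arrives as PayoutStatus and PayoutSubStatus values as in the samples, and that the hash is compared case-insensitively; HASH_FIELDS, PayoutLedger and the sample values are hypothetical.

```python
import hashlib
import hmac

# Field order taken from the page's sample code; the flat key names
# "PayoutStatus" and "PayoutSubStatus" are assumptions of this example.
HASH_FIELDS = ("PayoutId", "SiteCode", "MerchantReference",
               "CustomerMerchantReference", "PayoutStatus", "PayoutSubStatus")


def expected_hash(fields, api_key):
    """Steps 1-4: concatenate, append the API key, lowercase, SHA512."""
    joined = "".join(str(fields[name]) for name in HASH_FIELDS) + api_key
    return hashlib.sha512(joined.lower().encode("utf-8")).hexdigest()


def is_authentic(fields, api_key):
    """Step 5: compare in constant time; a missing field fails closed."""
    try:
        calculated = expected_hash(fields, api_key)
    except KeyError:
        return False
    received = str(fields.get("HashCheck", "")).lower()
    return hmac.compare_digest(calculated.encode(), received.encode())


class PayoutLedger:
    """In-memory stand-in for a table with a unique key on these columns."""

    def __init__(self, api_key):
        self.api_key = api_key
        self.seen = set()

    def handle(self, fields):
        if not is_authentic(fields, self.api_key):
            return "rejected"
        key = (str(fields["PayoutId"]).lower(),
               str(fields["PayoutStatus"]), str(fields["PayoutSubStatus"]))
        if key in self.seen:
            return "duplicate"  # acknowledge, but do not credit again
        self.seen.add(key)
        return "processed"


def sample_notification(api_key):
    """Constructed notification, signed the way the steps describe."""
    fields = {"PayoutId": "00000000-0000-0000-0000-00000000000a",
              "SiteCode": "TST-TST-001", "MerchantReference": "123",
              "CustomerMerchantReference": "123",
              "PayoutStatus": 1, "PayoutSubStatus": 201}
    fields["HashCheck"] = expected_hash(fields, api_key)
    return fields
```

In a real handler the `seen` set would be a database uniqueness constraint, so that the check and the credit happen in one transaction.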