Beside using order API to get your orders, you can also using the webhook order to get your new orders.
To do so, you should create a web page or web function to handle the order you receive from SUBPLACE and provide this URL to your SUBPLACE BP account.
When there is a subscriber place and pay an order, SUBPLACE will call your webhook URL and sending you the order detail by form posting.
The order detail will be in JSON format as in the order API.
While you confirming the order in your BP account, SUBPLACE will send to the same URL with the order JSON with delivery number for fulfilment purpose.
When there is a new paid order or someone confirming your new order, SUBPLACE will do a form posting to your webhook URL with the form parameter as below:
signature = [the signed string]
order = [JSON of order array]
for the signature is signed according to same approach as other API and is upto the receiver side to verify it or not.
(The format of combination text to sign will be provided when it is confirm confirmed)
The order is an array of order detail in JSON format as below:
[
{
"no": "SO-13529",
"status": "Approved",
"overall_status": "New",
"created_time": "5-6-2024, 3:04 PM",
"pay_time": "5-6-2024, 3:04 PM",
"approval_time": null,
"terminate_time": null,
"store":{"name": "ITSU"},
"subscriber":{"name": "xxxx", "email": "abc@subplace.com", "mobile_no": "0123891190"…},
"plan":{
"name": "ITSU Aire Track",
"variation_name": "ITSU Aire Track ",
"sku": null,
"quantity": 1,
"model": "Rent-to-Own",
"subscription_period": 48,
"effective_time": "Next Month",
"delivery_mode": "One Time",
"ctos_score": null,
"cycle": null,
"status": "Pending Approval",
"product":[
{
"name": "ITSU Aire Track",
"variation":[
{
"name": "Color ",
"option": "Black"
}
]
}
],
"upfront":{
"grand_total": "68.00"
}
},
"address":{"billing":{"contact_name": "Lu Chee Leong", "contact_no": "60123891190", "email": "cheeleong.lu@gmail.com",…},
"delivery": null,
"ref1": "A0001",
"ref2": null,
"ref3": null
You may verify the signature to ensure the data is posting from SUBPLACE. However, this is not compulsory. You may ignore this section if you do not want to verify.
The following is the step to verify the signature:
Retrieve the body content
$dataReceive = json_decode(file_get_contents("php://input"), true);
Define the secret key
$secret_key = bp_api_secret;
Signature hashing method
$signaturehash = base64_encode(hash_hmac('sha256', json_encode($dataReceive), $secret_key, true));
$signature = "signature=".$signaturehash;
Retrieve the signature in the header and compare it with your signature hash
$headers = apache_request_headers();
$hmac_header = $headers['X-Signature-Sha256'];
Compare the 2 signature. It should be identical.