7. Return variables

Detailed below are the possible variables returned to the receiver as the response to a PDT request or as part of an ITN from PayFast.


Transaction details

Name Description Include Length
m_payment_id Unique payment ID on the merchant’s system. recommended
pf_payment_id Unique transaction ID on PayFast. required
payment_status The status of the payment. required
item_name The name of the item being charged for. required 100 char
item_description The description of the item being charged for. recommended 255 char
amount_gross The total amount which the payer paid. required
amount_fee The total in fees which was deducated from the amount. required
amount_net The net amount credited to the receiver’s account. required
custom_str1..5 The series of 5 custom string variables (custom_str1, custom_str2…) originally passed by the receiver during the payment request. optional 255 char
custom_int1..5 The series of 5 custom integer variables (custom_int1, custom_int2…) originally passed by the receiver during the payment request. optional


Buyer details

Name Description Include Length
name_first The buyer’s first name. recommended 100 char
name_last The buyer’s last name. recommended 100 char
email_address The buyer’s email address recommended 100 char


Merchant details

Name Description Include
merchant_id The Merchant ID as given by the PayFast system. Used to uniquely identify the receiver’s account. required


Recurring billing details

Name Description Include Length
token Unique ID on PayFast that represents the subscription required 36 char

Should the buyer / subscriber cancel a subscription; an ITN call may be made. In this case, the payment_status field may return an additional status value.

Name Description Include Length
payment_status After a successful payment the status sent will be COMPLETE.
When a subscription is cancelled the status will be CANCELLED.


Security information

Name Description Include Length
signature A security signature of the transmitted data taking the form of an MD5 hash of the submitted variables. The string from which the hash is created, is the concatenation of the name value pairs of all the non-blank variables with ‘&’ used as a separator eg. “name_first=John&name_last=Doe&email_address=…” where pairs are listed in the order in which they appear on this page. This hash will be regenerated by the PayFast engine and the values compared to ensure the integrity of the data transfer. recommended 32 char


If the ITN callback method has been used, part of the security checking stage is confirming the received data’s signature, the following is a sample of generating the signature to compare.

If you have a passphrase set on your account “Settings” page, it will need to be added to the string used to generate the signature. The passphrase is never published or given out. It serves as an extra security measure to ensure that all information is accurate and has not been tampered with.

$pfData = $_POST;
// Construct variables 
foreach( $pfData as $key => $val )
    $data[$key] = stripslashes( $val );
if( isset( $passPhrase ) )
    $pfData['passphrase'] = $passPhrase;
foreach( $pfData as $key => $val )
    if( $key != 'signature' )
        $pfParamString .= $key .'='. urlencode( $val ) .'&';
// Remove the last '&' from the parameter string
$pfParamString = substr( $pfParamString, 0, -1 );
$signature = md5( $pfParamString );
   die('Invalid Signature');