Sample code: JSP

While we strive to ensure that all code we publish is accurate and well documented, the sample code given below isĀ user contributed code and is provided as is, without any guarantees as to its correctness or valid operation. If you have any queries concerning this code and debugging or further development thereof, please contact the contributor or a developer familiar with this particular language as we will be unable to assist you.

The sample code was kindly contributed by John Eatwell.

private static final String PAYFAST_VALIDATE_URL_TEST = "";

// In processRequest method of Servlet
Enumeration en = request.getParameterNames();
List nvps = new ArrayList ();
while (en.hasMoreElements()) {
     String parm = en.nextElement();
     String value = request.getParameter(parm);
     if (!parm.equals("signature"))
         nvps.add(new BasicNameValuePair(parm, value));
valid = isValidateData(PAYFAST_VALIDATE_URL_TEST, nvps);
// validateData method
 * Data Sent back to PayFast and validated against their site
 * @param site Validation site
 * @param list parameter list (minus signature)
 * @return true implies valid
private boolean isValidateData(String site,List list) {
     StringBuilder validResponse = new StringBuilder();
     InputStream instream = null;
     try {
         DefaultHttpClient httpclient = new DefaultHttpClient();
         HttpPost httpost = new HttpPost(site);
         httpost.setEntity(new UrlEncodedFormEntity(list, HTTP.UTF_8));
         HttpResponse response = httpclient.execute(httpost);
         HttpEntity entity = response.getEntity();
         if (entity != null) {
             instream = entity.getContent();
             int l;
             byte[] tmp = new byte[512];
             while ((l = != -1)
                 validResponse.append(new String(tmp, 0, l));
     } catch (Exception e) {
     } finally {
         if (instrem != null)
     if (validResponse.toString().equals("VALID"))
         return true;
         return false;
The code only covers the validation of data received from PayFast at the notify_url page; one of the checks done by the Notify to ensure the authenticity of the data received.