Knowledgebase: Integration
Why am I not receiving the ITN callback?
Posted by Jonathan S on 22 Mar 2013 14:05

Below are some of the reasons why you are either not receicing your ITN callback or it appears as if you're not receiving the ITN callback:

You're ITN page is unreachable

The URL specified by your notify_url variable could be unreachable.

To test this, open a browser and navigate to the URL yourself. Ensure that the page is in fact reachable and returns a valid HTML response (200 OK etc.).

If your browser times out or gets a 500 error response, then the page is unreachable and indicates that there could be a problem with your web server configuration. Contact your system administrator to resolve.

You're ITN page performs a 302 redirect

It your notify page tries to redirect to another page immediately, it might not look like you are receiving the ITN callback, as, for security reasons, ITN does not follow redirects.

Ensure that all the processing which needs to occur, occurs at the notify_url location itself without requiring a redirect to another location.

Typical instances where this occurs without your knowledge, is where your notify_url is actually protected by a login mechanism and when the PayFast server tries to POST to it, the system redirects to a login page asking for a username and password.

Test this by clearing all session cookies (or using a different browser to normal) and navigating to the page yourself. If it redirects you to another page, that's your problem.

You're using CodeIgniter and CSRF protection is on

If you're using CodeIgniter, check that CSRF protection is turned off in your configuration.

CSRF protection prevents PayFast from POSTing data to your notify_url causing the page to fail with HTTP 500.

In your config.php file, ensure that the following setting is set:

$config['csrf_protection'] = FALSE;

Alternatively, you can disable CSRF protection for only your ITN page by using the following code, replacing "{your_function_name}" with your PayFast ITN function name:

$config['csrf_protection'] = ( isset( $_SERVER["REQUEST_URI"] ) && stripos($_SERVER["REQUEST_URI"],'/{your_function_name}') ) ? FALSE : TRUE;