5. Verify payment information

Verify the payment information for secure payment service implementation.


Last updated 2 years ago

Based on the payment information from the client, the server verifies the payment amount for fraud and saves the payment information in the database if needed. The following are the steps for verifying the payment information.

  • Server receives the i'mport payment ID (imp_uid) and order ID (merchant_uid)

  • Call the Get payment API to get the payment details.

  • Based on the response, compare the actual payment amount with the payment request amount (from merchant's database).

STEP 01 Server receives payment result

Example of receiving a POST request to the merchant endpoint URL that receives the payment information

server-side
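const express = require("express");
const bodyParser = require("body-parser");

const app = express();
app.use(bodyParser.json());

// "{Merchant endpoint that receives server's payment info}" POST request receiver
app.post("/payments/complete", async (req, res) => {
  try {
    // Get imp_uid, merchant_uid from req.body
    const { imp_uid, merchant_uid } = req.body;
  } catch (e) {
    // Return only the message, never the raw error object
    res.status(400).send({ message: e.message });
  }
});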

STEP 02 Get payment details

Example of calling the Get payment API with the i'mport payment ID (imp_uid) to retrieve the payment info.

server-side
const axios = require("axios");

app.use(bodyParser.json());
// ...
app.post("/payments/complete", async (req, res) => {
  try {
    // Get imp_uid, merchant_uid from req.body
    const { imp_uid, merchant_uid } = req.body;
    // ...
    // Get access token
    const getToken = await axios({
      url: "https://api.iamport.kr/users/getToken",
      method: "post", // POST method
      headers: { "Content-Type": "application/json" },
      data: {
        imp_key: "imp_apikey", // REST API key
        // REST API Secret (sample value; keep the real secret in server-side configuration, not in source)
        imp_secret: "ekKoeW8RyKuT0zgaZsUtXXTLQ4AhPFW3ZGseDA6bkA5lamv9OqDMnxyeB9wqOsuO9W3Mx9YSJ4dTqJ3f"
      }
    });
    const { access_token } = getToken.data.response; // access token
    // ...
    // Get payment info from i'mport server using imp_uid
    const getPaymentData = await axios({
      // Pass imp_uid (URL-encoded, because the value comes from the client)
      url: `https://api.iamport.kr/payments/${encodeURIComponent(imp_uid)}`,
      // GET method
      method: "get",
      // Add access token to Authorization header
      headers: { "Authorization": access_token }
    });
    const paymentData = getPaymentData.data.response; // Payment info
    // ...
  } catch (e) {
    // Return only the message: a raw axios error serializes its request config,
    // which includes imp_secret and the access token
    res.status(400).send({ message: e.message });
  }
});

STEP 03 Verify payment information

Why fraud detection is necessary

Since the payment request is made on the client side, a payment request can be forged or falsified by manipulating the client script. Therefore, you must compare the original requested amount with the actual processed amount after the payment process is complete.

For example, when paying for a product that costs 100,000 won, an attacker can manipulate the client script to change the amount property to a value lower than the actual amount.

Since you cannot prevent script manipulation on the client, you must check for fraud on the server after the payment is processed.

Example of comparing the actual payment amount with the payment request amount, performing fraud check on the payment amount, and saving the data in the DB.

server-side
app.use(bodyParser.json());
// ...
app.post("/payments/complete", async (req, res) => {
  try {
    // Get imp_uid, merchant_uid from req.body
    const { imp_uid, merchant_uid } = req.body;
    // Get access token
    /* ...Omitted... */
    // Get payment info from iamport server using imp_uid
    /* ...Omitted... */
    const paymentData = getPaymentData.data.response; // Payment info
    // ...
    // Get the requested payment amount from the DB
    const order = await Orders.findById(paymentData.merchant_uid);
    const amountToBePaid = order.amount; // Requested payment amount
    // ...
    // Verify payment
    const { amount, status } = paymentData;
    // If amount matches. Processed amount === Requested amount
    if (amount === amountToBePaid) {
      // Save payment info to DB under the merchant_uid returned by the i'mport server,
      // i.e. the same order whose amount was just checked, not the client-supplied value
      await Orders.findByIdAndUpdate(paymentData.merchant_uid, { $set: paymentData });
      // ...
      switch (status) {
        case "ready": { // Issue virtual account
          // Save virtual account info in DB
          const { vbank_num, vbank_date, vbank_name } = paymentData;
          await Users.findByIdAndUpdate("/* customer id */", { $set: { vbank_num, vbank_date, vbank_name }});
          // Send virtual account issuance text message
          SMS.send({ text: `Virtual account issued successfully. Account info ${vbank_num} ${vbank_date} ${vbank_name}`});
          res.send({ status: "vbankIssued", message: "Virtual account issued successfully" });
          break;
        }
        case "paid": // Payment complete
          res.send({ status: "success", message: "General payment successful" });
          break;
        default: // Any other status: respond instead of leaving the request pending
          throw { status: "unexpected", message: `Unhandled payment status: ${status}` };
      }
    } else { // Amount mismatch. Forged/falsified payment.
      throw { status: "forgery", message: "Forged/falsified payment attempted" };
    }
  } catch (e) {
    // Return only status and message, never the raw error object
    res.status(400).send({ status: e.status, message: e.message });
  }
});

The original requested amount is queried from the database with the merchant_uid, and the actual processed amount is retrieved from the i'mport server with the imp_uid. The two values are compared to verify that they match. If the verification is successful, the payment information is saved in the database and a response is returned based on the payment status (status). Otherwise, an error message is returned.
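
The STEP 03 decision can be isolated as a pure function so that it is testable without Express, axios or a database. This is an added example, not i'mport's own code: the names verifyPayment and runSamples, the order.id field, the reason strings and every sample value are assumptions constructed for illustration.

```javascript
// Added example (illustrative names, constructed data).
// clientBody  - what the browser posted to /payments/complete
// paymentData - response of the Get payment API for clientBody.imp_uid
// order       - the merchant's own record of what should be paid
function verifyPayment(clientBody, paymentData, order) {
  // The fetched record must be the payment the client named.
  if (!paymentData || paymentData.imp_uid !== clientBody.imp_uid) {
    return { ok: false, reason: "payment_not_found" };
  }
  // The order is identified by the server-reported merchant_uid; a differing
  // client-supplied value means the request is inconsistent.
  if (paymentData.merchant_uid !== clientBody.merchant_uid) {
    return { ok: false, reason: "order_mismatch" };
  }
  if (!order || order.id !== paymentData.merchant_uid) {
    return { ok: false, reason: "order_not_found" };
  }
  // Strict numeric comparison: "100000" (string) or NaN never passes.
  if (!Number.isFinite(paymentData.amount) || paymentData.amount !== order.amount) {
    return { ok: false, reason: "forgery" };
  }
  // Only the two statuses handled in STEP 03 are accepted.
  if (paymentData.status === "paid") return { ok: true, result: "success" };
  if (paymentData.status === "ready") return { ok: true, result: "vbankIssued" };
  return { ok: false, reason: "unexpected_status" };
}

// Constructed sample data (not real payment or order IDs).
const sampleOrder = { id: "order_0001", amount: 100000 };
const samplePaid = {
  imp_uid: "imp_000000000001", merchant_uid: "order_0001",
  amount: 100000, status: "paid",
};
const sampleBody = { imp_uid: "imp_000000000001", merchant_uid: "order_0001" };

function runSamples() {
  return {
    genuine: verifyPayment(sampleBody, samplePaid, sampleOrder),
    lowered: verifyPayment(sampleBody, { ...samplePaid, amount: 1000 }, sampleOrder),
    stringAmount: verifyPayment(sampleBody, { ...samplePaid, amount: "100000" }, sampleOrder),
    otherOrder: verifyPayment({ ...sampleBody, merchant_uid: "order_0002" }, samplePaid, sampleOrder),
    otherStatus: verifyPayment(sampleBody, { ...samplePaid, status: "failed" }, sampleOrder),
  };
}

console.log(runSamples());
```

In the route handler, only a result with ok set to true should lead to the database update and a success response.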

The payment result must be processed on the database based on the data received through a webhook for stable processing without any missing result data.
