Created with Sketch.
Created with Sketch.
Checkout 2.0

Server-side Callbacks

Server-side callback is an optional feature that allows you to subscribe to a notification that we will send when the purchase is completed successfully.

The feature must be enabled by Avarda (per merchant) before it can be used.


When a purchase is completed, we will always trigger a JavaScript callback in the browser. However, such a solution is unreliable by its nature. If the customer closes the browser window or loses Internet connection in the precise moment during the callback handling, the information that the payment has been completed might not reach the merchant’s application. Server-side callback, on the other hand, does not rely on the browser windows as the request is fired by our back-end and leads to your back-end (or any URL that you choose).


We will trigger the server-side callback only if you subscribe for it. The subscription must be made in the init method (in the client JavaScript) by specifying a URL that we should call:

var options = {
    divId: "checkOutDiv",
    purchaseId: "489ea341e23941089e6d0378c708512a",
    done: function (purchaseId) {
        window.location.href = "/done.php?purchaseId=" + purchaseId;
    callbackUrl: "",

    purchaseCompletedCallbackUrl: ""

While not enforced by us, we strongly recommend that you use an HTTPS URL rather than an unencrypted HTTP, for security reasons.

HTTP Request Structure

The HTTP request body contains a JSON object with the following structure:

    "purchaseId": "489ea341e23941089e6d0378c708512a"


Please contact us if you would like us to include an Authorization HTTP header to the requests that we send. This way, you can implement an HTTP Basic Authentication, or an authentication based on JWT tokens. The only limitation on our side is that the header data that we send is static so should you choose the JWT way, you must provide a token that has a very long expiration date or make sure to renew it manually.

For security reasons, we recommend that you do use authentication.