Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.ozura.com/llms.txt

Use this file to discover all available pages before exploring further.

After the customer completes checkout, they’re sent back to your website. Here’s what happens.

What Ozura Does Automatically

When a customer successfully pays: 
1. Customer clicks "Pay Now"

2. Card data is tokenized (PCI compliant)

3. Payment is processed server-side

4. Ozura marks the session as "completed" ← Automatic!

5. Customer is redirected to your successUrl with payment details
Ozura marks the session complete automatically before redirecting – you don’t need to call a “complete” endpoint. However, you should verify the session status server-side before fulfilling orders to prevent URL spoofing.

URL Overview

URLWho hosts it?Query params?Purpose
successUrlMerchantYes — transaction dataOrder confirmation page
cancelUrlMerchantNoReturn to cart / storefront
errorUrlOzura (recommended) or MerchantYes — error code + messageNon-recoverable error display

Possible Outcomes

OutcomeWhere Customer Ends UpSession Status
Payment succeededYour successUrlcompleted
Fixable error (card declined)Stays on checkout – inline error shownpending
Unrecoverable error (system issue)Your errorUrl with error detailsfailed
Customer cancelledYour cancelUrlcancelled
Session expiredOzura expiration page → button → your cancelUrlexpired

Success URL

After a successful payment, the customer is redirected to your successUrl with transaction details appended as query parameters. Use these to display an order confirmation. 
https://yoursite.com/success?success=true&sessionId=session_xxx&checkoutMode=payment&transactionId=2603130000113B86C&transactionType=sale&amount=25.00&currency=USD&ozuraMerchantId=ozu_abc&cardLastFour=4242&cardBrand=VISA&metadata=%7B%22orderId%22%3A%22order_123%22%7D
Billing PII is not included in the redirect URL. Name, email, phone, and address are omitted from the success URL to avoid them appearing in server access logs and browser history. If you need billing details, retrieve them server-side from the session via GET /api/sessions/{sessionId}.

Success URL Parameters

Parameters are only appended when the value is present in the processor response — do not assume every key is always in the URL. success, sessionId, checkoutMode, and transactionType are always present. Transaction Info:
ParameterDescriptionExample
successAlways "true" for successful paymentstrue
sessionIdYour session ID (for verification)session_xxxxxx
checkoutModeSession type: payment, donation, or recurringpayment
metadataYour custom metadata (JSON-encoded string). Internal fields apiKey, ozuraApiKey, idempotencyKey, merchantName, and waxKey are automatically filtered. For sessions that originated from a payment link, paymentLinkId is not filtered and will appear here.{"orderId":"order_123"}
transactionIdUnique transaction ID from the payment processor2603130000113B86C
transactionTypeType of transactionsale
amountFinal charged amount (includes tax/surcharge)25.00
currencyISO 4217 currency codeUSD
ozuraMerchantIdYour merchant IDozu_abc123
surchargeAmountSurcharge applied (if any)0.00
tipAmountTip amount (if any)0.00
transDateTransaction timestamp (ISO 8601)2026-03-13T19:25:47.276Z
Card Info:
ParameterDescriptionExample
cardLastFourLast 4 digits of card0002
cardExpMonthCard expiration month12
cardExpYearCard expiration year31
cardBrandCard networkVISA

Reading the Data

const url = new URL(window.location.href);
const transactionId = url.searchParams.get('transactionId');
const amount = url.searchParams.get('amount');
const currency = url.searchParams.get('currency');
const checkoutMode = url.searchParams.get('checkoutMode');
const metadata = JSON.parse(url.searchParams.get('metadata') || '{}');
// Display your confirmation page with this data
Do not rely solely on redirect parameters for order fulfillment. The success redirect is a client-side browser redirect — a user could fabricate these query parameters. For backend order processing (marking orders as paid, triggering shipping, etc.), verify the transaction server-side by checking the session status via the API. The redirect data is for displaying a confirmation UI, not for trusted business logic.

Cancel URL

When a customer cancels checkout, they are redirected back to your cancelUrl. No additional parameters are appended — this is a simple navigation back to your site. Recommended: Set cancelUrl to your cart or product page so the customer can return to shopping seamlessly. The checkout session is automatically marked as cancelled.
No special page is needed for cancelUrl. Point it at your existing cart or storefront page.
Behavior by integration mode:
ModeWhat happens on cancel
RedirectPlain redirect to cancelUrl
IframePlain redirect to cancelUrl
Popup / New TabPopup closes automatically and a CHECKOUT_CANCELLED postMessage is sent to the opener. If window.close() fails (browser restrictions), falls back to redirecting to cancelUrl

Error URL

Non-recoverable errors (system failures, authentication issues) redirect customers to errorUrl with diagnostic query parameters.
Recoverable errors like card declines are handled inline on the checkout page — the customer sees the error and can retry immediately. Only non-recoverable errors trigger the errorUrl redirect.
Recommended: Use Ozura’s default error page: 
{
  "errorUrl": "https://checkout.ozura.com/error"
}
This provides a clean, branded error page with a “Return to Store” button that uses your cancelUrl — no extra work required. If you prefer a custom error page, parse these query parameters:
ParameterDescriptionExample
successAlways "false"false
errorCodeMachine-readable error code (see below)SYSTEM_ERROR
errorHuman-readable error messagePayment processing failed
cancelUrlYour cancel URL (use for a “Return to Store” button)https://yoursite.com/cart

Error Codes

CodeMeaningWhen it triggers
SESSION_FAILEDSession is in a failed stateSession loaded but its status is already failed
SYSTEM_ERRORNon-recoverable processing errorServer error, network failure, or unexpected exception during payment
MANUAL_REVIEWTransaction flagged for manual reviewPayment processor returned an ambiguous result requiring review
FORBIDDENToo many failed payment attemptsCustomer exceeded the per-session attempt limit

Always Verify Before Fulfilling Orders

Always verify payments server-side before fulfilling orders.
A malicious user could attempt to visit your success URL directly. Always check the session status: 
app.get('/success', async (req, res) => {
  const { sessionId } = req.query;
  
  // Check session status with Checkout API
  // No headers required - session ID acts as access token
  const response = await fetch(`https://checkout.ozura.com/api/sessions/${sessionId}`);
  const data = await response.json();
  
  if (data.data.session.status === 'completed') {
    // ✅ Session verified as completed
    // ⚠️ YOUR RESPONSIBILITY: Fulfill the order with your business logic
    await updateOrderStatus(sessionId, 'paid'); // YOUR implementation
    res.render('success');
  } else {
    // Not confirmed - don't fulfill
    res.redirect('/error?error=Payment+not+confirmed');
  }
});

Session Statuses

StatusWhat It MeansRedirects To
pendingWaiting for payment (not done yet)
completedPayment successfulsuccessUrl
failedPayment attempt failederrorUrl
cancelledCustomer clicked cancelcancelUrl
expiredSession timed out (30 minutes)cancelUrl

Summary

StepWho Does It
Process paymentOzura (automatic)
Mark session completeOzura (automatic)
Redirect to successUrlOzura (automatic)
Show confirmationYou (your business logic)
Verify session statusYou (recommended for security)
Fulfill orderYou (your business logic: emails, database, shipping, etc.)

Next Steps