Skip to main content
After the customer completes checkout, they’re sent back to your website. Here’s what happens.

What Ozura Does Automatically

When a customer successfully pays: 
1. Customer clicks "Pay Now"

2. Card data is tokenized (PCI compliant)

3. Payment is processed server-side

4. Ozura marks the session as "completed" ← Automatic!

5. Customer is redirected to your successUrl with payment details
Ozura marks the session complete automatically before redirecting – you don’t need to call a “complete” endpoint. However, you should verify the session status server-side before fulfilling orders to prevent URL spoofing.

URL Overview

URLWho hosts it?Query params?Purpose
successUrlMerchantYes — transaction dataOrder confirmation page
cancelUrlMerchantNoReturn to cart / storefront
errorUrlOzura (recommended) or MerchantYes — error code + messageNon-recoverable error display

Possible Outcomes

OutcomeWhere Customer Ends UpSession Status
Payment succeededYour successUrlcompleted
Fixable error (card declined)Stays on checkout – inline error shownpending
Unrecoverable error (system issue)Your errorUrl with error detailsfailed
Customer cancelledYour cancelUrlcancelled
Session expiredOzura expiration page → button → your cancelUrlexpired

Success URL

After a successful payment, the customer is redirected to your successUrl with transaction details appended as query parameters. Use these to display an order confirmation. 
https://yoursite.com/success?success=true&sessionId=session_xxx&checkoutMode=payment&transactionId=2603130000113B86C&transactionType=sale&amount=25.00&currency=USD&ozuraMerchantId=ozu_abc&cardLastFour=4242&cardBrand=VISA&metadata=%7B%22orderId%22%3A%22order_123%22%7D
Billing PII is not included in the redirect URL. Name, email, phone, and address are omitted from the success URL to avoid them appearing in server access logs and browser history. If you need billing details, retrieve them server-side from the session via GET /api/sessions/{sessionId}.

Success URL Parameters

Transaction Info:
ParameterDescriptionExample
successAlways "true" for successful paymentstrue
sessionIdYour session ID (for verification)session_xxxxxx
checkoutModeWhether this was a payment or donation sessionpayment
metadataYour custom metadata (JSON-encoded string). Internal fields like apiKey, ozuraApiKey, idempotencyKey, merchantName, and waxKey are automatically filtered out.{"orderId":"order_123"}
transactionIdUnique transaction ID from the payment processor2603130000113B86C
transactionTypeType of transactionsale
amountFinal charged amount (includes tax/surcharge)25.00
currencyISO 4217 currency codeUSD
ozuraMerchantIdYour merchant IDozu_abc123
surchargeAmountSurcharge applied (if any)0.00
tipAmountTip amount (if any)0.00
transDateTransaction timestamp (ISO 8601)2026-03-13T19:25:47.276Z
Card Info:
ParameterDescriptionExample
cardLastFourLast 4 digits of card0002
cardExpMonthCard expiration month12
cardExpYearCard expiration year31
cardBrandCard networkVISA

Reading the Data

const url = new URL(window.location.href);
const transactionId = url.searchParams.get('transactionId');
const amount = url.searchParams.get('amount');
const currency = url.searchParams.get('currency');
const checkoutMode = url.searchParams.get('checkoutMode');
const metadata = JSON.parse(url.searchParams.get('metadata') || '{}');
// Display your confirmation page with this data
Do not rely solely on redirect parameters for order fulfillment. The success redirect is a client-side browser redirect — a user could fabricate these query parameters. For backend order processing (marking orders as paid, triggering shipping, etc.), verify the transaction server-side by checking the session status via the API. The redirect data is for displaying a confirmation UI, not for trusted business logic.

Cancel URL

When a customer cancels checkout, they are redirected back to your cancelUrl. No additional parameters are appended — this is a simple navigation back to your site. Recommended: Set cancelUrl to your cart or product page so the customer can return to shopping seamlessly. The checkout session is automatically marked as cancelled.
No special page is needed for cancelUrl. Point it at your existing cart or storefront page.
Behavior by integration mode:
ModeWhat happens on cancel
RedirectPlain redirect to cancelUrl
IframePlain redirect to cancelUrl
Popup / New TabPopup closes automatically and a CHECKOUT_CANCELLED postMessage is sent to the opener. If window.close() fails (browser restrictions), falls back to redirecting to cancelUrl

Error URL

Non-recoverable errors (system failures, authentication issues) redirect customers to errorUrl with diagnostic query parameters.
Recoverable errors like card declines are handled inline on the checkout page — the customer sees the error and can retry immediately. Only non-recoverable errors trigger the errorUrl redirect.
Recommended: Use Ozura’s default error page: 
{
  "errorUrl": "https://checkout.ozura.com/error"
}
This provides a clean, branded error page with a “Return to Store” button that uses your cancelUrl — no extra work required. If you prefer a custom error page, parse these query parameters:
ParameterDescriptionExample
successAlways "false"false
errorCodeMachine-readable error code (see below)SYSTEM_ERROR
errorHuman-readable error messagePayment processing failed
cancelUrlYour cancel URL (use for a “Return to Store” button)https://yoursite.com/cart

Error Codes

CodeMeaningWhen it triggers
SESSION_FAILEDSession is in a failed stateSession loaded but status is failed
SYSTEM_ERRORNon-recoverable payment processing errorServer error, network failure, unexpected exception
AUTH_ERRORPayment service authentication failedMerchant API key rejected by payment processor
MANUAL_REVIEWTransaction flagged for manual reviewPayment processor returned an ambiguous result requiring review

Always Verify Before Fulfilling Orders

Always verify payments server-side before fulfilling orders.
A malicious user could attempt to visit your success URL directly. Always check the session status: 
app.get('/success', async (req, res) => {
  const { sessionId } = req.query;
  
  // Check session status with Checkout API
  // No headers required - session ID acts as access token
  const response = await fetch(`https://checkout.ozura.com/api/sessions/${sessionId}`);
  const data = await response.json();
  
  if (data.data.session.status === 'completed') {
    // ✅ Session verified as completed
    // ⚠️ YOUR RESPONSIBILITY: Fulfill the order with your business logic
    await updateOrderStatus(sessionId, 'paid'); // YOUR implementation
    res.render('success');
  } else {
    // Not confirmed - don't fulfill
    res.redirect('/error?error=Payment+not+confirmed');
  }
});

Session Statuses

StatusWhat It MeansRedirects To
pendingWaiting for payment (not done yet)
completedPayment successfulsuccessUrl
failedPayment attempt failederrorUrl
cancelledCustomer clicked cancelcancelUrl
expiredSession timed out (30 minutes)cancelUrl

Summary

StepWho Does It
Process paymentOzura (automatic)
Mark session completeOzura (automatic)
Redirect to successUrlOzura (automatic)
Show confirmationYou (your business logic)
Verify session statusYou (recommended for security)
Fulfill orderYou (your business logic: emails, database, shipping, etc.)

Next Steps