# Transaction Validation While your backend learns about a transaction's outcome from the [payment completion redirect](/pay/getting-started/creating-a-payment-page.md#handle-the-redirect-back-to-your-website), it's a good idea to double-check that the data you received is authentic and hasn't been tampered with. Hyp Pay has an API endpoint that lets you verify the transaction details directly with our servers. ## Prerequisites In your Hyp Pay terminal settings, there's an option that tells the system to include a security signature in the redirect parameters. You'll need this signature for the validation process. This setting is usually on by default. To check it, log into your Hyp Pay account, go to **הגדרות** (**Settings**) and click on **API-דף תשלום ו** (**Payment Page and API**). Look for the **אימות** (**Verification**) section and make sure **אימות על ידי חתימה בעמודי התשלום** (**Verify by signature in the payment page**) is enabled. You also need to make sure your initial [payment page request](/pay/getting-started/creating-a-payment-page.md#create-a-payment-page-request) includes the `Sign` parameter set to `True`. This tells Hyp Pay to include the signature you'll need later in the redirect. ## How validation works Validation in Hyp Pay is **API-based**. Instead of doing complex math to calculate a signature yourself, you just send the parameters you got from the redirect back to us. We'll check them against our records and let you know if they match. To validate a transaction, have your backend send a GET request to `https://pay.hyp.co.il/p/` with these parameters: * `action` set to `APISign`. * `What` set to `VERIFY`. * `Masof` is your terminal number. * `KEY` is your Hyp Pay API key. * `PassP` is your Hyp Pay API password. * **Every parameter** that was sent to your success page URL, in the exact same order. The most important bit in the payment completion redirect is the `Sign` parameter. This is a unique signature Hyp Pay creates for that specific transaction. When you send it back in a `VERIFY` call, you're asking Hyp Pay to confirm that the signature matches the provided transaction. ## Example validation request Here's an example of a validation request. We took the parameters from a typical success redirect and added them to the `VERIFY` call: {% code overflow="wrap" %} ```http https://pay.hyp.co.il/p/?action=APISign&What=VERIFY&Masof=0010345518&KEY=your-api-key&PassP=your-api-password&Id=408941655&CCode=0&Amount=10&ACode=0505293&Order=12345678910&Fild1=Jenny%20Parkington&Fild2=jennyp%40example.co.il&Fild3=&Sign=a84b11187377554427f267a9139ad4fd7daf7fb661dd668a9b954cf41cd25904 ``` {% endcode %} When you send this request, Hyp Pay will give you a simple answer. If everything looks good and the parameters match what we have on file, you'll get a success code: ``` CCode=0 ``` If the validation fails — like if the signature is wrong or the transaction doesn't exist — you'll get an [error code](/pay/reference/response-status-codes.md). We **recommend validating every transaction** before you ship an order or give a customer access to your service. It's the best way to be sure you're only acting on real, authorized payments. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://developers.hyp.co.il/pay/security/transaction-validation.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.