What causes the ITN security check errors?

What causes the ITN security check errors?

Invalid signature

This would be caused by the incorrect use of the passphrase, or the incorrect order of variables in the string that is MD5 hashed to generate the signature.

Although this signature is generated in the same way as the signature on the POST to PayFast, the signature is different as it is generated using the return variables.

Bad access of page

This error is caused either by the notify URL not responding with a 200 OK, or if the valid data security check fails. The valid data security check confirms that the data received by the notify URL matches the data sent by PayFast. You will need to ensure that CURL is enabled on your server and setup to be able to receive external data.

Amount mismatch

This error is due to the amount sent in the ITN not matching the amount stored in your DB for the transaction in question.

Bad source IP address

This error is caused by the ITN not being received from a specified PayFast source. This is often due to the use of a proxy server.


    • Related Articles

    • Why am I not receiving the ITN callback?

      Below are some of the reasons why you are either not receiving your ITN callback or it appears as if you're not receiving the ITN callback: You're ITN page is unreachable The URL specified by your notify_url variable could be unreachable. To test ...
    • How do I resolve a WooCommerce / Joomla ITN issue?

      When attempting a transaction, and the ITNs seem not to be going through to your application, go to https://developers.payfast.co.za/docs#ports-ips and unblock / whitelist the IPs and ports listed.  Should the issue persist, please check your cPGuard ...
    • Do I need to set the ITN url on my account?

      When using the one of our payment modules, the ITN url is set automatically and you do not need to set it on your account manually.
    • What causes the error "The supplied variables are not according to specification"?

      This error is thrown if any of the POSTed values are incorrect, for instance, if the merchant_id or merchant_key is incorrect (possibly due to using a sandbox credentials on the live site), the following error will be thrown ‘The supplied variables ...
    • What causes an invalid URL error?

      The PayFast system will pick up on ‘local’ or ‘localhost’ in the return, cancel and notify URLs and throw the invalid URL error. This is because it is not possible to test the ITN locally due to no server to server communication. The site needs to be ...