9. Opayo replies to your POST

On this page:


Whatever authorisation Status is returned, the Opayo gateway always replies in the Response section of your:

  • Transaction Registration POST for non-3D-authenticated transactions, or
  • The terminal URL POST when 3D-Authentication was attempted.

Returned Fields and Values

When the transaction is registered successfully, you will receive:

  • The unique transaction reference (VPSTxId)
  • A 10-digit alphanumeric SecurityKey, used to digitally sign the transaction.

When the transaction is authorised you will receive an OK Status and a TxAuthNo. You can then display a completion page to your customer and thank them for their order. After storing the relevant transaction IDs in your database, your payment processing is now complete.

Always store the following in your database:

  • Order details
  • SecurityKey
  • TxAuthNo
  • VendorTxCode
  • VPSTxId
Note: All other messages are authorisation failures and you should inform your customer that their payment was not accepted.


The SecurityKey value is needed to REFUND and to perform automated actions on the transaction within the Opayo Direct interface.


The TxAuthNo field is only present when the transaction was authorised by the bank. It contains a unique reference number for the authorisation called the VPSAuthCode. This is separate to the Authorisation Code sent by the bank, which is returned in the BankAuthCode field.

The TxAuthNo identifies transactions sent to the bank during settlement as the VendorTxCode is not universally supported. The bank refers you to the transaction using the TxAuthNo.


❮ Back to Step 8.Next: Step 10. ❯