Skip to main content


Last updated: 05-Jan-2022
Rate this article:


You can use the Instant Notification Service (INS) to automate order management processes by accepting order information via web posts. The INS is a service that will post sets of parameters to any URL you specify. Each post represents a message containing all the information you need about a specific event (such as when a recurring order re-bills successfully).

Enabling Notifications

In the seller admin, you can enable INS notifications under the Notifications tab. Messages can be enabled or disabled by selecting the checkbox for each message type and you may define either a Global URL for receipt of all messages or individual URLs per message as needed. You may also view and resend Successful and Failed INS notifications by clicking the Success and Failed sub-tab on the Notifications page. By clicking the Test sub-tab you may send test INS posts from inside your account to your URLs.

ins 2checkout

Listening for Notifications

Notifications are sent by an HTTP POST request to the message URL that you specified on the Notifications tab. The message parameters are passed as key => value pairs. Your message URL should route to the script where you will be handling the message. You can listen for messages by simply setting up logic in your application to take action based on the message_type parameter that is passed in each message.

Validating the Notification

Each notification message will include an MD5 hash that is computed using the secret word that you set up in your account.

The hash is returned on each message through the md5_hash key and is computed as follows:

UPPERCASE(MD5_ENCRYPTED(sale_id + vendor_id + invoice_id + Secret Word))

Each of our community-supported libraries provides a binding to validate the hash on a notification message.


Below is an example PHP script that listens for the Fraud Status Changed message.


    if ($_POST['message_type'] == 'FRAUD_STATUS_CHANGED') {

        $insMessage = array();
        foreach ($_POST as $k => $v) {
        $insMessage[$k] = $v;

        # Validate the Hash
        $hashSecretWord = "tango"; # Input your secret word
        $hashSid = 1303908; #Input your seller ID (2Checkout account number)
        $hashOrder = $insMessage['sale_id'];
        $hashInvoice = $insMessage['invoice_id'];
        $StringToHash = strtoupper(md5($hashOrder . $hashSid . $hashInvoice . $hashSecretWord));

        if ($StringToHash != $insMessage['md5_hash']) {
            die('Hash Incorrect');

        switch ($insMessage['fraud_status']) {
            case 'pass':
                # Do something when sale passes fraud review.
            case 'fail':
                # Do something when sale fails fraud review.
            case 'wait':
                # Do something when sale requires additional fraud review.



Rate this article:

Need help?

Do you have a question? If you didn’t find the answer you are looking for in our documentation, you can contact our Support teams for more information. If you have a technical issue or question, please contact us. We are happy to help.

Not yet a Verifone customer?

We’ll help you choose the right payment solution for your business, wherever you want to sell, in-person or online. Our team of experts will happily discuss your needs.

Verifone logo