Webhooks Frequently Asked Questions
What is a webhook?
Webhooks are automatic notifications sent by our system to your application whenever a relevant event occurs, such as a transaction being created or updated.
How do I receive webhooks?
Simply enter your endpoint URL when configuring the webhook in our API. Whenever an event occurs, we will send a POST to that URL.
How do I validate the authenticity of the webhook?
Each request includes the X-Webhook-Signature header, which is an HMAC SHA256 signature of the payload. Use your secret key (provided in the configuration) to validate and ensure that the payload came from our system.
What should I respond when receiving a webhook?
Respond with HTTP 200 OK if processed successfully. If there is an error, return the appropriate HTTP code (e.g., 400, 500). Our system may attempt to resend in case of failure.
How to handle duplicates or resends?
Implement idempotency: always check if the event has already been processed before performing any action. The transactionId field can be used for this.
How do I configure my receiving URL?
Use the /webhooks/subscribe endpoint of our API to register or update your URL. You can define different URLs for each type of operation (cashin, cashout, general).
How do I ensure security and privacy?
- Use HTTPS in your URL.
- Always validate the header signature.
- Never share your secret key.