search

Webhook

hashtag
Notify Merchant Webhook

Description: The purpose of the webhook is to notify the merchant about the real-time update of the statuses of incoming payments. We recommend correctly interpreting the types of statuses to avoid undesired behaviors.

Webhook URL: The URL notification provided by the merchant. This URL has to be placed on your admin panel at the device configuration. Webhooks are provided per device.

Method: POST

Header: The following fields are being included:

○ ‘X-NONCE’: Unix Timestamp.
○ ‘X-SIGNATURE’: hexadecimal(hmac_sha256(merchant_secret_key, nonce + body)).

Important: In order to verify that the body information is correct, the merchant must create a signature with the formula previously shown and compare it with the X-SIGNATURE received in the header. Also is recommended to reject the body information if there has been an elapsed time of 15/20 seconds since the Unix Timestamp.

Output data: JSON with all the payment information. Example:

{  
   "fiat_amount": 5.0,
   "status": "AC",
   "crypto_amount": 0.06519511,
   "unconfirmed_amount": 0.770000002,
   "confirmed_amount": 0.0,
   "currency": "DASH",
   "identifier": "cc80e0b5-f779-4094-be65-fcee4b5bd041"
}

X-SIGNATURE verification

Body example:

Nonce: "1645634942"

Merchant Secret Key:

bytes.fromhex("02d4b921007cad413e79731dd02b3267cd43a14d150a0ae6a1c651942122bb62")

  • X-SIGNATURE hexadecimal(hmac_sha256(merchant_secret_key, nonce + body)):

"ff2ac6c50f09916783f1192c35e7f169a14a806e944827b9136bf1406ade8c9d"

hashtag
Webhook Response

On the response of the webhook you will receive multiple parameters. The most important are:

  • status (most important are ‘AC’ + safe=True, ‘CO’ and ‘OC’).

  • fiat_amount (payment amount in fiat EUR)

  • received_amount (will be smaller than fiat_amount if status is ‘OC’)

AnteriorAPI IntegrationSiguienteMCP - Model Context Protocol

Última actualización