Webhook

Notify Merchant Webhook

Description: The purpose of the webhook is to notify the merchant about the real-time update of the statuses of incoming payments. We recommend correctly interpreting the types of statuses to avoid undesired behaviors.

Webhook URL: The URL notification provided by the merchant. This URL has to be placed on your admin panel at the device configuration. Webhooks are provided per device.

Method: POST

Header: The following fields are being included:

○ ‘X-NONCE’: Unix Timestamp.
○ ‘X-SIGNATURE’: hexadecimal(hmac_sha256(merchant_secret_key, nonce + body)).

Important: In order to verify that the body information is correct, the merchant must create a signature with the formula previously shown and compare it with the X-SIGNATURE received in the header. Also is recommended to reject the body information if there has been an elapsed time of 15/20 seconds since the Unix Timestamp.

Output data: JSON with all the payment information. Example:

{  
   "fiat_amount": 5.0,
   "status": "AC",
   "crypto_amount": 0.06519511,
   "unconfirmed_amount": 0.770000002,
   "confirmed_amount": 0.0,
   "currency": "DASH",
   "identifier": "cc80e0b5-f779-4094-be65-fcee4b5bd041"
}

X-SIGNATURE verification

Body example:

{ 
   "fiat_amount": 100.0,
   "status": "AC",
   "crypto_amount": 1.21461894,
   "unconfirmed_amount": 8.0,
   "confirmed_amount": 0.0,
   "currency": "DASH",
   "identifier": "1040095a-737d-41a2-a2e1-d031d19ec8cd"    
}

Nonce: "1645634942"

Merchant Secret Key:

bytes.fromhex("02d4b921007cad413e79731dd02b3267cd43a14d150a0ae6a1c651942122bb62")

• X-SIGNATURE hexadecimal(hmac_sha256(merchant_secret_key, nonce + body)):

"ff2ac6c50f09916783f1192c35e7f169a14a806e944827b9136bf1406ade8c9d"

Webhook Response

On the response of the webhook you will receive multiple parameters. The most important are:

• status (most important are ‘AC’ + safe=True, ‘CO’ and ‘OC’).

• fiat_amount (payment amount in fiat EUR)

• received_amount (will be smaller than fiat_amount if status is ‘OC’)