Webhook

Getting Started

Webhooks allow your application to receive real-time notifications about payment events. When a payment is completed, our system sends a POST request to your specified webhook URL with details about the transaction.

To use webhooks, you need to specify a webhook URL when generating your payment link.

Payload Structure

When a payment is completed, we send a POST request to your webhook URL with the following data:

{
	"transaction_id": "0x1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef",
	"customer_core_id": "0xabcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890",
	"timestamp": "2023-06-15T14:30:45Z",
	"amount": "10.5",
	"currency": "USDX",
	"status": "completed",
	"custom_data": {
	// Your additional JSON data (if provided when generating the link)
},
"tk": "signature_token_for_verification"
}

The payload includes the transaction ID, customer Core ID (if filled in the form), timestamp, and any additional JSON data you provided when generating the link.

Security

The webhook is protected by a token (tk) in the body parameter. This token is generated from our GPG signature using encryption ed25519 of the payload we send in the body.

Important Security Notice

Always verify the token before processing the payment! Bad actors could forge the webhook URL and send you fake data.

Our GPG public key is available here. You should use this key to verify the signature in the token.

Additionally, to ensure only trusted requests are accepted, please add our domain to your CORS allowlist.

Transaction Verification

After receiving a webhook notification, you should verify the transaction data using a blockchain explorer such as blockindex.net.

You can use the Blockbook API to programmatically verify transaction details including:

Transaction existence
Amount transferred
Sender and recipient addresses
Confirmation status

Only process orders after confirming that the blockchain transaction matches the details in the webhook payload.