
Webhook Notifications

What Are Webhooks?

Webhooks are the primary communication channel between INVIPAY and your backend system. Each time a payment’s status changes, INVIPAY sends a POST request to the Webhook URL you have configured. This keeps your system up to date in real time.

Example Webhook Format:

{
  "id": "47871d13-dc12-3766-6123-ecadbb174367",
  "status": "success",
  "customerEmail": "[email protected]",
  "selectedBlockchain": "ETH",
  "selectedCurrency": "ETH_USDT",
  "paymentLinkId": "3e8debac-19de-206d-fd25-98a3cb3da289",
  "isTest": false
}

Webhook Statuses

| Status | Description |
|---|---|
| inProgress | The transaction has been received but is not yet confirmed. The customer can already access the “Back to Site” link. |
| success | The payment is confirmed, and your balance has been updated. |
| failed | The payment was unsuccessful, e.g., the payment expired or the customer sent an amount lower than expected. |

Setting Up Webhooks

Follow these steps to enable webhooks for your system:

  1. Navigate to Dashboard > Settings > Developer Section > Manage Webhook Settings.

  2. Enter your Webhook URL (the endpoint where notifications will be sent).

  3. Set a Webhook Secret.

Webhook Secrets: Verifying Authenticity

To ensure the security of webhook requests, we strongly recommend enabling webhook secrets. Every signed webhook request includes an X-Signature header with an HMAC signature. By recomputing the HMAC over the request body with your webhook secret and comparing it with the header value, you can verify that the request came from INVIPAY.

Example: Verifying Webhooks in Golang

Here’s a simple example of how you can verify a webhook’s authenticity:

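package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"io"
	"net/http"
)

// verifyWebhook recomputes the HMAC-SHA256 of the payload with the secret and
// compares it, in constant time, with the value from the X-Signature header.
// Assumption: the header carries the signature hex-encoded.
func verifyWebhook(secret, signature, payload string) bool {
	sig, err := hex.DecodeString(signature)
	if err != nil {
		return false // not valid hex, so it cannot be a valid signature
	}
	mac := hmac.New(sha256.New, []byte(secret))
	mac.Write([]byte(payload))
	expectedMAC := mac.Sum(nil)
	return hmac.Equal(expectedMAC, sig)
}

func handler(w http.ResponseWriter, r *http.Request) {
	// Replace with your webhook secret
	secret := "your-webhook-secret"

	// Read the signature from the headers
	signature := r.Header.Get("X-Signature")

	// Read the raw body payload (capped at 1 MiB); verify these exact bytes
	body, err := io.ReadAll(http.MaxBytesReader(w, r.Body, 1<<20))
	if err != nil {
		http.Error(w, "cannot read body", http.StatusBadRequest)
		return
	}

	// Verify the webhook and reject it before any further processing
	if !verifyWebhook(secret, signature, string(body)) {
		fmt.Println("Invalid webhook!")
		http.Error(w, "invalid signature", http.StatusUnauthorized)
		return
	}
	fmt.Println("Webhook verified!")
	w.WriteHeader(http.StatusOK)
}

func main() {
	http.HandleFunc("/webhook", handler)
	if err := http.ListenAndServe(":8080", nil); err != nil {
		fmt.Println("server error:", err)
	}
}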
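
Once the signature checks out, the body still has to be applied safely. The following is an added example, not INVIPAY's code: it accepts only the three documented statuses, refuses isTest events unless explicitly allowed, and ignores repeated deliveries. Assumptions: id identifies the payment, success and failed are final, and the Processor type and Apply method are hypothetical names.

```go
package main

import (
	"encoding/json"
	"fmt"
)

type Event struct { // the fields of the page's example body that drive processing
	ID     string `json:"id"`
	Status string `json:"status"`
	IsTest bool   `json:"isTest"`
}

// Processor remembers the last status applied per id (in memory for the example).
type Processor struct {
	AllowTest bool              // keep false in production
	seen      map[string]string // id -> last applied status
}

// Apply returns true if the event changed state, false for a repeated delivery.
func (p *Processor) Apply(body []byte) (bool, error) {
	var e Event
	if err := json.Unmarshal(body, &e); err != nil || e.ID == "" {
		return false, fmt.Errorf("malformed webhook body")
	}
	if e.Status != "inProgress" && e.Status != "success" && e.Status != "failed" {
		return false, fmt.Errorf("unknown status %q", e.Status) // only documented statuses
	}
	if e.IsTest && !p.AllowTest {
		return false, fmt.Errorf("test event %s refused in production", e.ID)
	}
	prev := p.seen[e.ID]
	if prev == e.Status {
		return false, nil // same status again: acknowledge, do nothing
	}
	if prev == "success" || prev == "failed" { // assumption: these two are final
		return false, fmt.Errorf("payment %s already %s, got %s", e.ID, prev, e.Status)
	}
	if p.seen == nil {
		p.seen = map[string]string{}
	}
	p.seen[e.ID] = e.Status
	return true, nil
}

func main() {
	// Constructed sample body, not a real INVIPAY payment.
	fmt.Println((&Processor{}).Apply([]byte(`{"id":"sample-1","status":"success","isTest":false}`)))
}
```

Call Apply only after verifyWebhook has accepted the request, and fulfil an order only when it returns true for a success event.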
Last modified: 05 December 2024