Webhook Deposit

The notification URL is specified in the platform settings in the personal account.

Toggle 'Enable withdraw webhook' is ON in the platform settings in the personal account.

The notification is sent only after a successful incoming transaction.

After all actions are completed, a response with a 200 status must be returned. Otherwise, there will be 2 additional attempts to resend the notification.

Ensure that the signature is verified for security purposes.

Signature Verification Example

@RestController
public class SignatureVerificationController {

    private static final String PLATFORM_ID = "your-platform-id";
    private static final String SECRET = "your-api-key";

    // Helper function to generate HMAC-SHA256 signature
    private String generateSignature(String signatureContract, String secret) throws NoSuchAlgorithmException, InvalidKeyException {
        Mac sha256HMAC = Mac.getInstance("HmacSHA256");
        SecretKeySpec secretKey = new SecretKeySpec(secret.getBytes(StandardCharsets.UTF_8), "HmacSHA256");
        sha256HMAC.init(secretKey);
        byte[] hash = sha256HMAC.doFinal(signatureContract.getBytes(StandardCharsets.UTF_8));
        StringBuilder result = new StringBuilder();
        for (byte b : hash) {
            result.append(String.format("%02x", b));
        }
        return result.toString();
    }

    // Platform notification URL
    @PostMapping("/notification")
    public ResponseEntity<String> notificationWebHook(@RequestBody Map<String, Object> body, @RequestHeader HttpHeaders headers) throws NoSuchAlgorithmException, InvalidKeyException, JsonProcessingException {
        // Signature Verification    
        ObjectMapper objectMapper = new ObjectMapper();
        String sortedBodyJson = objectMapper.writeValueAsString(body);

        // Generate the signature contract string
        String signatureContract = PLATFORM_ID + ";" + sortedBodyJson + ";" + SECRET;

        // Generate HMAC-SHA256 signature
        String signature = generateSignature(signatureContract, SECRET);

        // Get the signature from the headers
        String receivedSignature = headers.getFirst("x-signature");

        // Compare the generated signature with the received signature
        if (StringUtils.hasText(receivedSignature) && signature.equals(receivedSignature)) {
            return ResponseEntity.ok("Signature is valid");
        } else {
            return ResponseEntity.status(400).body("Invalid signature");
        }
    }
}

body = request.get_json()

# Platform and secret keys (example placeholders)
platform_id = 'your-platform-id'
secret = 'your-api-key'

# Generate the signature contract string
signature_contract = f'{platform_id};{body};{secret}'

# Generate HMAC-SHA256 signature
signature = hmac.new(secret.encode(), signature_contract.encode(), hashlib.sha256).hexdigest()

# Get the signature from the headers
received_signature = request.headers.get('x-signature', '')

# Compare the generated signature with the received signature
if signature == received_signature:
    return 'Signature is valid', 200
else:
    return 'Invalid signature', 400

<?php
// Retrieve the raw JSON body from the request
$json = file_get_contents('php://input');
$body = json_decode($json, true);

// Sort the body
$sortedBody = json_encode($body);

// Platform and secret keys (example placeholders)
$platformId = 'your-platform-id';
$secret = 'your-api-key';

// Generate the signature contract string
$signatureContract = $platformId . ";" . $sortedBody . ";" . $secret;

// Generate HMAC-SHA256 signature
$signature = hash_hmac('sha256', $signatureContract, $secret);

// Retrieve the request headers
$headers = getallheaders();

// Get the signature from the headers
$receivedSignature = $headers['x-signature'] ?? '';

// Compare the generated signature with the received signature
if ($signature === $receivedSignature) {
    echo 'Signature is valid';
    // Proceed with further processing
} else {
    echo 'Invalid signature';
    // Handle the error accordingly
}

Headers

Name

Type

Description

x-signature

string

SHA-256 encrypted signature

Content-Type

string

application/json

Request Body

Name

Type

Description

type

string

The type of callback, for example, deposit

platformId

integer

Your Platform ID

paymentId

integer

Payment ID

orderId

string

Order ID of your platform.

amount

string

Amount in cryptocurrency

txhash

string

The transaction hash in the blockchain system, used to track the transaction.

addressFrom

string

The sender’s wallet address from which the funds are being withdrawn.

addressTo

string

The recipient’s wallet address to which the funds are being sent.

confirmations

integer

The number of confirmations a transaction has received. This field is used in networks such as Bitcoin, Litecoin, Dogecoin, Bitcoin Cash, and Dash.

For these networks, the system sends up to two webhook notifications for the same transaction:

• the first webhook is sent when the transaction receives 1 confirmation; • the second webhook is sent when the transaction receives 2 confirmations.

If a transaction is first detected with 2 confirmations, the system sends only one webhook notification corresponding to the 2-confirmation state. In this case, the webhook for 1 confirmation is not sent.

destinationTag

integer

An additional parameter tag, used in Ripple blockchain.

amountReceive

string

The actual credited amount to the user's balance after all deductions.

feeService

string

Service fee charged by the platform for processing the transaction. This fee is retained by the service provider.

feeNetwork

string

Blockchain network fee required for processing the transaction on-chain. This is paid to network validators/miners.

Resending Webhook Notifications

You can resend a webhook notification from your personal account by following these steps:

Navigate to the transactions section in your personal account.
Locate and click on the desired transaction.
In the opened window, you will see a field displaying the webhook response.
Click the "Resend" button to resend the webhook notification.

PreviousCheck withdraw NextWebhook Withdraw

Last updated 1 month ago

hashtagSignature Verification Example

hashtagHeaders

hashtagRequest Body

hashtagResending Webhook Notifications

Signature Verification Example

Headers

Request Body

Resending Webhook Notifications