PassimPay
  • Preparation for integration
  • Example of a signature
  • Create an invoice link
  • Check invoice
  • List of cryptocurrencies
  • Get a balance
  • Get address
  • Get Network Fee
  • Withdraw
  • Check withdraw
  • Webhook V2
  • Exchange
    • Pairs
    • Estimated
    • Exchange
    • Webhook exchange
Powered by GitBook
On this page
  • Signature Verification Example
  • Resending Webhook Notifications

Webhook V2

The notification URL is specified in the platform settings in the personal account.

The notification is sent only after a successful incoming transaction.

After all actions are completed, a response with a 200 status must be returned. Otherwise, there will be 2 additional attempts to resend the notification.

Ensure that the signature is verified for security purposes.

Signature Verification Example

@RestController
public class SignatureVerificationController {

    private static final String PLATFORM_ID = "your-platform-id";
    private static final String SECRET = "your-api-key";

    // Helper function to generate HMAC-SHA256 signature
    private String generateSignature(String signatureContract, String secret) throws NoSuchAlgorithmException, InvalidKeyException {
        Mac sha256HMAC = Mac.getInstance("HmacSHA256");
        SecretKeySpec secretKey = new SecretKeySpec(secret.getBytes(StandardCharsets.UTF_8), "HmacSHA256");
        sha256HMAC.init(secretKey);
        byte[] hash = sha256HMAC.doFinal(signatureContract.getBytes(StandardCharsets.UTF_8));
        StringBuilder result = new StringBuilder();
        for (byte b : hash) {
            result.append(String.format("%02x", b));
        }
        return result.toString();
    }

    // Endpoint to verify the signature
    @PostMapping("/verify-signature")
    public ResponseEntity<String> verifySignature(@RequestBody Map<String, Object> body, @RequestHeader HttpHeaders headers) throws NoSuchAlgorithmException, InvalidKeyException, JsonProcessingException {
        
        ObjectMapper objectMapper = new ObjectMapper();
        String sortedBodyJson = objectMapper.writeValueAsString(body);

        // Generate the signature contract string
        String signatureContract = PLATFORM_ID + ";" + sortedBodyJson + ";" + SECRET;

        // Generate HMAC-SHA256 signature
        String signature = generateSignature(signatureContract, SECRET);

        // Get the signature from the headers
        String receivedSignature = headers.getFirst("x-signature");

        // Compare the generated signature with the received signature
        if (StringUtils.hasText(receivedSignature) && signature.equals(receivedSignature)) {
            return ResponseEntity.ok("Signature is valid");
        } else {
            return ResponseEntity.status(400).body("Invalid signature");
        }
    }
}

body = request.get_json()

# Platform and secret keys (example placeholders)
platform_id = 'your-platform-id'
secret = 'your-api-key'

# Generate the signature contract string
signature_contract = f'{platform_id};{body};{secret}'

# Generate HMAC-SHA256 signature
signature = hmac.new(secret.encode(), signature_contract.encode(), hashlib.sha256).hexdigest()

# Get the signature from the headers
received_signature = request.headers.get('x-signature', '')

# Compare the generated signature with the received signature
if signature == received_signature:
    return 'Signature is valid', 200
else:
    return 'Invalid signature', 400
<?php
// Retrieve the raw JSON body from the request
$json = file_get_contents('php://input');
$body = json_decode($json, true);

// Sort the body
$sortedBody = json_encode($body);

// Platform and secret keys (example placeholders)
$platformId = 'your-platform-id';
$secret = 'your-api-key';

// Generate the signature contract string
$signatureContract = $platformId . ";" . $sortedBody . ";" . $secret;

// Generate HMAC-SHA256 signature
$signature = hash_hmac('sha256', $signatureContract, $secret);

// Retrieve the request headers
$headers = getallheaders();

// Get the signature from the headers
$receivedSignature = $headers['x-signature'] ?? '';

// Compare the generated signature with the received signature
if ($signature === $receivedSignature) {
    echo 'Signature is valid';
    // Proceed with further processing
} else {
    echo 'Invalid signature';
    // Handle the error accordingly
}

Headers

Name
Type
Description

x-signature

string

SHA-256 encrypted signature

Content-Type

string

application/json

Request Body

Name
Type
Description

platformId

integer

Your Platform ID

paymentId

integer

Payment ID

orderId

string

Order ID of your platform.

amount

string

Amount in cryptocurrency

txhash

string

The transaction hash in the blockchain system, used to track the transaction.

addressFrom

string

The sender’s wallet address from which the funds are being withdrawn.

addressTo

string

The recipient’s wallet address to which the funds are being sent.

confirmations

integer

The number of confirmations the transaction has received. This field is used in networks like Bitcoin, Litecoin, Dogecoin, Bitcoin Cash, and Dash.

destinationTag

integer

An additional parameter tag or comment, used in Ripple and TON blockchains.

Resending Webhook Notifications

You can resend a webhook notification from your personal account by following these steps:

  1. Navigate to the transactions section in your personal account.

  2. Locate and click on the desired transaction.

  3. In the opened window, you will see a field displaying the webhook response.

  4. Click the "Resend" button to resend the webhook notification.

PreviousCheck withdrawNextPairs

Last updated 5 months ago