Webhook Withdraw

The notification URL is specified in the platform settings in the personal account.

Toggle 'Enable withdraw webhook' is ON in the platform settings in the personal account.

After all actions are completed, a response with a 200 status must be returned. Otherwise, there will be 2 additional attempts to resend the notification.

Ensure that the signature is verified for security purposes.

Signature Verification Example

@RestController
public class SignatureVerificationController {

    private static final String PLATFORM_ID = "your-platform-id";
    private static final String SECRET = "your-api-key";

    // Helper function to generate HMAC-SHA256 signature
    private String generateSignature(String signatureContract, String secret) throws NoSuchAlgorithmException, InvalidKeyException {
        Mac sha256HMAC = Mac.getInstance("HmacSHA256");
        SecretKeySpec secretKey = new SecretKeySpec(secret.getBytes(StandardCharsets.UTF_8), "HmacSHA256");
        sha256HMAC.init(secretKey);
        byte[] hash = sha256HMAC.doFinal(signatureContract.getBytes(StandardCharsets.UTF_8));
        StringBuilder result = new StringBuilder();
        for (byte b : hash) {
            result.append(String.format("%02x", b));
        }
        return result.toString();
    }

   // Platform notification URL
    @PostMapping("/notification")
    public ResponseEntity<String> notificationWebHook(@RequestBody Map<String, Object> body, @RequestHeader HttpHeaders headers) throws NoSuchAlgorithmException, InvalidKeyException, JsonProcessingException {
        // Signature Verification
        ObjectMapper objectMapper = new ObjectMapper();
        String sortedBodyJson = objectMapper.writeValueAsString(body);

        // Generate the signature contract string
        String signatureContract = PLATFORM_ID + ";" + sortedBodyJson + ";" + SECRET;

        // Generate HMAC-SHA256 signature
        String signature = generateSignature(signatureContract, SECRET);

        // Get the signature from the headers
        String receivedSignature = headers.getFirst("x-signature");

        // Compare the generated signature with the received signature
        if (StringUtils.hasText(receivedSignature) && signature.equals(receivedSignature)) {
            return ResponseEntity.ok("Signature is valid");
        } else {
            return ResponseEntity.status(400).body("Invalid signature");
        }
    }
}

body = request.get_json()

# Platform and secret keys (example placeholders)
platform_id = 'your-platform-id'
secret = 'your-api-key'

# Generate the signature contract string
signature_contract = f'{platform_id};{body};{secret}'

# Generate HMAC-SHA256 signature
signature = hmac.new(secret.encode(), signature_contract.encode(), hashlib.sha256).hexdigest()

# Get the signature from the headers
received_signature = request.headers.get('x-signature', '')

# Compare the generated signature with the received signature
if signature == received_signature:
    return 'Signature is valid', 200
else:
    return 'Invalid signature', 400

<?php
// Retrieve the raw JSON body from the request
$json = file_get_contents('php://input');
$body = json_decode($json, true);

// Sort the body
$sortedBody = json_encode($body);

// Platform and secret keys (example placeholders)
$platformId = 'your-platform-id';
$secret = 'your-api-key';

// Generate the signature contract string
$signatureContract = $platformId . ";" . $sortedBody . ";" . $secret;

// Generate HMAC-SHA256 signature
$signature = hash_hmac('sha256', $signatureContract, $secret);

// Retrieve the request headers
$headers = getallheaders();

// Get the signature from the headers
$receivedSignature = $headers['x-signature'] ?? '';

// Compare the generated signature with the received signature
if ($signature === $receivedSignature) {
    echo 'Signature is valid';
    // Proceed with further processing
} else {
    echo 'Invalid signature';
    // Handle the error accordingly
}

Headers

Name

Type

Description

x-signature

string

SHA-256 encrypted signature

Content-Type

string

application/json

Request Body

Name

Type

Description

type

string

The type of callback, for example, withdraw

approve

integer

Withdraw status: 0 - wait 1 - success 2 - error

platformId

integer

Your Platform ID

paymentId

integer

Payment ID

addressTo

string

The recipient’s wallet address to which the funds are being sent.

amount

string

Amount in cryptocurrency

txhash

string

The transaction hash in the blockchain system, used to track the transaction.

amountDebited

string

The definitive amount of funds irrevocably removed from the user's balance to settle the specified transaction.

feeNetwork

string

Blockchain network fee required for processing the transaction on-chain. This is paid to network validators/miners.

feeService

string

Service fee charged by the platform for processing the transaction. This fee is retained by the service provider.

transactionId

string

The transaction ID in the Passimpay system. You can use this ID to check the status of the transaction with the withdrawstatus method.

orderId

string

A unique identifier for each withdrawal on your resource. Enter a string with a maximum length of 64 and valid characters 'A-Za-z0-9+/=-:.,'

confirmations

integer

The number of confirmations the transaction has received. This field is used in networks like Bitcoin, Litecoin, Dogecoin, Bitcoin Cash, and Dash.

destinationTag

integer

An additional parameter tag or comment, used in Ripple and TON blockchains.

Resending Webhook Notifications

You can resend a webhook notification from your personal account by following these steps:

Navigate to the transactions section in your personal account.
Locate and click on the desired transaction.
In the opened window, you will see a field displaying the webhook response.
Click the "Resend" button to resend the webhook notification.

PreviousWebhook Deposit NextPairs

Last updated 2 months ago