Receive POST requests to your URL automatically when an event occurs.
Webhook Secret Key
that’s generated when you create the endpoint. This key should be used to validate incoming webhooks using HMAC(sha512) signatures. CashPay sends the signature in the HMAC
HTTP header of each request.
Webhook Secret Key
created when the webhook was set up in the dashboard. CashPay uses your Webhook Secret Key
as the HMAC shared secret key to generate an HMAC(sha512) signature of the raw POST data. The HMAC signature is sent as an HTTP header called HMAC
. The body of the request contains the callback data in JSON format, similar to the Payment Information API response body.
endpoint URL
and inspect the callback data sent from CashPay. Note that CashPay payment callbacks will not be sent to private networks (e.g., localhost).
For local debugging, you can use services like https://ngrok.io to expose your local server to the internet and receive webhook callbacks.
To utilize the payment webhook, please follow these steps:
MERCHANT_API_KEY
to calculate the HMAC signature and compare it with the received HMAC header.Not receiving webhook notifications
callbackUrl
is correctly set and accessible from the internet.Invalid HMAC signature
MERCHANT_API_KEY
or PAYOUT_API_KEY
.Webhook timeouts
Duplicate webhook notifications