Webhooks Configuration

Overview

The Partners Platform allows you to configure and manage webhooks, enabling real-time event notifications for your integration. You can activate specific webhooks and define the endpoint URLs where they should be delivered.

Configuring Webhooks

To set up webhooks:

Navigate to API > API Webhooks.

Select the webhook events you want to activate.

Enter the URL where webhook events should be sent.

Save your changes to enable webhook delivery.

Webhook Headers

Each webhook request contains essential headers for security and debugging:

{
  "Content-Type": "application/json",
  "X-Webhook-Security-Fields": "id,status",
  "X-Webhook-Security-Hash": "0f52db1b460e50b6684de069176da48a2f9fe20b1b97336cc7eb550f19bbf805",
  "X-Webhook-Request-UUID": "fa8ff1ec-8eed-44fc-a84b-5a6ffc2b531f"
}

Header Details

Content-Type: Specifies that the payload is in JSON format.

X-Webhook-Security-Fields: Lists the payload fields used for security hashing.

X-Webhook-Security-Hash: A hash for verifying webhook integrity.

X-Webhook-Request-UUID: A unique identifier for debugging requests in webhook logs.

Webhook Security

To ensure webhook integrity, a security hash is generated using the specified security fields and a secret key. Below is a typescript code for hash generation:

Obtaining Webhook Secret

To generate the security hash, you must retrieve your webhook secret from the Partners Platform API Security page.

Navigate to API > API Security.

Generate or retrieve your Webhook Secret.

Use the webhook secret as described below.

Hash Generation Process

Extract the fields specified in X-Webhook-Security-Fields from the webhook payload.

Concatenate their values into a single string in the same order as the order in the header.

Concatenate the webhook secret at the end of the string

Generate a SHA-256 hash of the string.

Compare the computed hash with X-Webhook-Security-Hash to verify webhook authenticity.

Available Webhooks

The following webhook events are available:

Technical Name	Title	Description
BusinessKycStatusChanged	Merchant KYC Status Changed	Triggered when the Know Your Customer (KYC) status of a merchant changes. This webhook helps track compliance and verification status updates.
BusinessExternalAccountStatusChanged	Receiver Account Status Changed	Triggered when the verification status of a receiver account changes.
BusinessRequestStatusChanged	Transaction Status Changed	Triggered when the status of a transaction changes. It allows you to monitor and respond to updates regarding transaction status updates.
BusinessRequestPayoutConfirmationStatusChanged	Transaction Payout Confirmation Status Changed	Triggered when the status of a payout confirmation (telex) request changed. It allows you to track when the request is completed and the document is available.

Webhook Log

The Webhook Log provides a record of all outgoing webhook events, enabling better debugging and monitoring. It allows you to:

View webhook payloads, headers, and responses.

Replay webhook events to troubleshoot failed deliveries.

Test webhook endpoints using mock data.

Accessing the Webhook Log

Navigate to API > API Webhook Logs.

Review webhook event details, including status and response codes.

Replay or test webhook events as needed.

Best Practices

Always validate the webhook hash to ensure data integrity.

Monitor the Webhook Log for failed events and troubleshoot using replays.

Test webhook endpoints with mock data before going live.

Overview#

Configuring Webhooks#

Webhook Headers#

Header Details#

Webhook Security#

Obtaining Webhook Secret#

Hash Generation Process#

Available Webhooks#

Webhook Log#

Accessing the Webhook Log#

Best Practices#