Webhook
Webhook is used for sending deposit notifications to your desired URL. You can setup the URL upon wallet creation and it will send a deposit notification request to your endpoint using your
key
and secret
The request includes 2 headers:
key: Same client key
secret: Same client secret
Once your server receives the request on your endpoint you need to check the request
key
and secret
to check the validity of the request and make sure that this request is coming from Vault. (In more advanced scenarios HMAC-signature structure can be configured)You can use webhook test on REST API interactive explorer on https://api.vault.bitholla.com/docs to test the sample request sent to your server.
Webhook request expects 200 status response from your server otherwise it retries the same notification for 2 more times every one minute.
You should always store the
txid
and address
of the deposit on your database as unique values
when you receive the transaction if you are relying on webhook to avoid processing transactions if you receive the webhook multiple times.Check the fields in
is_confirmed
and is_suspicious
in the data you receive on your server. The webhook notifications are always sent when the deposit is confirmed. Often you receive the first webhook notification with status is_confirmed: false
which is used to notify about an incoming deposit. In these cases do not assume the deposit is confirmed and wait for the next webhook notifications with is_confirmed: true
before you process it.For token webhook deposits the
currency
is the token symbol and you can find the blockchain name in the network
field. e.g. currency: usdt, network: eth
Once you run the check transaction status, if it finds a deposit transaction it would send a webhook notification.
get
https://api.vault.bitholla.com
/v1/wallet/:wallet_name/webhook/test
Webhook Test
This feature is currently not available.
This structure is not used for normal wallets and is only applied for extra security upon client request. In the advance model, webhook deposit notification signs your request using your provided
key
and secret
.You are required to calculate the signature on your side and match it with the
api-signature
provided along with the api-nonce
in the request header.This is a sample code for signature you can refer to:
const secret = <your api-secret>;
const verb = 'POST';
const url = <your wallet webhook url>;
const data = <notification object data>;
const nonce = Date.now();
const stringData = JSON.stringify(data);
const signature = crypto
.createHmac('sha256', secret)
.update(verb + url + nonce + stringData)
.digest('hex');
console.log(signature)
Last modified 1yr ago