Webhook Notifications 🔔
Webhooks are considered the main way of communication between OxygenPay and your backend system.
We deliver them each time a payment changes status using POST
request. Webhook format:
{
"id": "59871f43-ec34-4966-8141-eacbcc184192",
"status": "success",
"customerEmail": "satoshi@gmail.com",
"selectedBlockchain": "ETH",
"selectedCurrency": "ETH_USDT",
"paymentLinkId": "1c9ecded-27bc-405d-bf66-85d2ad3bb228",
"isTest": false
}
Status | Description |
---|---|
inProgress | Transaction is received, but it's not confirmed yet. However customer can already access "back to site" link |
success | Payment is confirmed, and the balance is topped up |
failed | Payment has failed e.g. expired or a customer paid less than expected |
tip
You can use any no-code/low-code tool (Zapier, Integromat, and others) to set up desired workflows without having a server
Setting up webhooks​
- Go to Dashboard > Settings > Developer section > Manage webhook settings
- Enter webhook URL
- Configure webhook secret. We recommend using 16 random characters
Webhook secrets​
We highly recommend setting up webhook secrets, so you can verify that a request is authentic.
Each signed webhook contains X-Signature
header with HMAC signature.
Here's an example of verifying a webhook using Golang:
package main
import (
"crypto/hmac"
"crypto/sha512"
"encoding/base64"
)
func ValidateHMAC(requestBody []byte, secret, signature string) bool {
mac := hmac.New(sha512.New, []byte(secret))
if _, err := mac.Write(requestBody); err != nil {
return false
}
expectedMAC := base64.StdEncoding.EncodeToString(mac.Sum(nil))
return expectedMAC == signature
}