Skip to main content

Webhook Notifications 🔔

Webhooks are considered the main way of communication between OxygenPay and your backend system. We deliver them each time a payment changes status using POST request. Webhook format:

{
"id": "59871f43-ec34-4966-8141-eacbcc184192",
"status": "success",
"customerEmail": "satoshi@gmail.com",
"selectedBlockchain": "ETH",
"selectedCurrency": "ETH_USDT",
"paymentLinkId": "1c9ecded-27bc-405d-bf66-85d2ad3bb228",
"isTest": false
}
StatusDescription
inProgressTransaction is received, but it's not confirmed yet.
However customer can already access "back to site" link
successPayment is confirmed, and the balance is topped up
failedPayment has failed e.g. expired or a customer paid less than expected
tip

You can use any no-code/low-code tool (Zapier, Integromat, and others) to set up desired workflows without having a server

Setting up webhooks

  • Go to Dashboard > Settings > Developer section > Manage webhook settings
  • Enter webhook URL
  • Configure webhook secret. We recommend using 16 random characters

Webhook secrets

We highly recommend setting up webhook secrets, so you can verify that a request is authentic. Each signed webhook contains X-Signature header with HMAC signature.

Here's an example of verifying a webhook using Golang:

package main

import (
"crypto/hmac"
"crypto/sha512"
"encoding/base64"
)

func ValidateHMAC(requestBody []byte, secret, signature string) bool {
mac := hmac.New(sha512.New, []byte(secret))
if _, err := mac.Write(requestBody); err != nil {
return false
}

expectedMAC := base64.StdEncoding.EncodeToString(mac.Sum(nil))

return expectedMAC == signature
}