Webhook Integration Guide

Overview

Our system provides real-time notifications about various events through webhooks. When specific events occur in our system, we'll send HTTP POST requests to your configured webhook URL with encrypted event data.

Webhook Setup

Access the Admin Console

Configure your webhook URL in the appropriate section

Save the configuration

Security

All webhook payloads are encrypted using the same encryption method as the API requests:

AES-CBC encryption with standard padding

HMAC signature verification

Your merchant secret key is used for encryption

Webhook Payload Structure

Each webhook request will contain:

{
  "encrypted_payload": "base64-encoded-encrypted-data",
  "type": "EVENT_TYPE",
  "hmac": "hmac-signature"
}

Event Types

Our system supports the following webhook event types:

USER_CREATE_RESULT

User creation results and KYC approval status

CARD_APPLY_RESULT

Results of card application operations

CARD_ACTIVATE_RESULT

Results of card activation operations

CARD_ASSIGN_RESULT

Results of physical card assignment to users

CARD_STATUS_CHANGE

Notifications when card status changes (LOCKED/ACTIVE)

CARD_RECHARGE_RESULT

Results of card recharge operations

CARD_CLOSE_RESULT

Results of card closure operations

TRANSACTION_CREATED

Notification about new transactions

CARD_CORRECTION

Card correction and adjustment notifications

10.

CARD_3DS

3DS authentication requests requiring user action

11.

CARD_VERIFICATION

Card verification requests (e.g., Google Pay OTP)

For detailed payload structures and field descriptions for each event type, please refer to the Event Types Documentation.

Processing Webhooks

1. Verify the Request

Verify the HMAC signature using your secret key

Decrypt the payload using your secret key

2. Acknowledge the Webhook

Return a 200 HTTP status code to acknowledge receipt

Respond within 10 seconds to prevent timeouts

Process the webhook asynchronously if needed

Example Webhook Processing (Python)

Webhook Monitoring

All webhook deliveries are recorded and can be monitored in the Admin Console:

Callback Records

Access the "Callback Records" section in the Admin Console

View the history of all webhook deliveries

Check delivery status and payload details

Troubleshoot failed webhook deliveries

Recommendations

Handle Failures Gracefully

Implement proper error handling

Log failed webhook processing for debugging

Security

Keep your webhook URL secure (HTTPS)

Validate HMAC signatures for all webhooks

Store your secret key securely

Monitoring

Regularly check the Callback Records in Admin Console

Set up alerts for failed webhook deliveries

Monitor your webhook processing endpoint's performance

Troubleshooting

Common Issues

Invalid HMAC

Verify you're using the correct secret key

Check if the payload is being modified in transit

Decryption Failures

Ensure correct handling of IV and ciphertext

Verify the encryption key is correct

Timeout Issues

Implement asynchronous processing for long-running operations

Return 200 OK quickly and process in background

Support

If you encounter any issues with webhook delivery or processing, please:

Check the Callback Records in Admin Console

Review your server logs

Contact our technical support with relevant transaction IDs

Integration Guide

Webhook Integration Guide#

Overview#

Webhook Setup#

Security#

Webhook Payload Structure#

Event Types#

Processing Webhooks#

1. Verify the Request#

2. Acknowledge the Webhook#

Example Webhook Processing (Python)#

Webhook Monitoring#

Callback Records#

Recommendations#

Troubleshooting#

Common Issues#

Support#