Webhooks

When your order is paid correctly you will receive a webhook request based on your webhook notification preferences.

Received "POST" request is including a signature in HTTP header which is generated by order parameters and your merchant secret key. To verify incoming webhook request you can generate HMAC signature by received payload and your merchant secret key. Then you can be sure the request is sent by Wirecash.

const crypto = require('crypto')

// HTTP header ['Wirecash-Signature']
let receivedSignature =
  'ee5e584d6a7ba8209b8bc0a818e9c45e5aab04120711e7430f4a418fe2495af3'

let payload = {
  id: 'test_1651542893311',
  type: 'payment.received',
  amount: '5',
  order: {
    id: 'test_1651542893311',
    currency: 'USD',
    items: [
      {
        name: 'Test Item',
        amount: 5,
        quantity: 1,
        description: 'Test item description',
        image: 'https://wirecash.com',
      },
    ],
  },
  payment: {
    id: 'test_payment_id_12345',
    transaction_id: 'test_transaction_12345',
    currency: { name: 'USDC Coin', code: 'USDC' },
    amount: 5,
    amount_received: 5,
    rate: 1,
  },
  merchant_id: '627086482c4d490032e92cb9',
  status: 'succeeded',
  created: 1651542893311,
}

let SECRET = 'cash_5610b72981bb7c090d5891b1086eff49ea03b683abd94b03'

function computeHMACSignature(payload, secret) {
  return crypto
    .createHmac('sha256', secret)
    .update(payload, 'utf8')
    .digest('hex')
}

const calculateHMAC = computeHMACSignature(JSON.stringify(payload), SECRET)

if (receivedSignature === calculateHMAC) {
  console.log('Verified!')
}