Webhook Setup Guide
Webhook Connection and URL
When an incoming transaction occurs, Nebulox will send a POST request to the specified webhook URL, including a payload with the transaction details.
Setup Procedure:
To establish your webhook connection, follow these steps:
Provide a Valid Webhook URL: Ensure the URL is correct and ready to receive POST requests.
Whitelist Our IP Address: Allow requests from our IP address to pass through your firewall or security settings.
Hmac-Based Security for Webhook calls : We strongly suggest implementing this validation in your code to ensure the integrity and authenticity of the webhook requests.
Verify Your Invoice (Optional): Optionally, you can verify your invoice for added security.
Providing a Valid Webhook URL
When configuring a new Nebulox gateway, it is crucial to provide a valid webhook URL. This ensures that Nebulox can seamlessly transmit real-time notifications for new transactions, facilitating smooth integration and enabling automated operations within your payment processing flow.
Sample Payload:
If your webhook URL is valid, you will receive a payload like this:
Whitelist our IP address
After configuring your URL, please ensure not to block requests from Nebulox. Webhooks will be triggered from our servers.
1.1.1.1
, 1.1.1.1
, 1.1.1.1
HMAC-Based Security for Webhook Calls(Optional)
To enhance the security of webhook calls, an HMAC (Hash-based Message Authentication Code) mechanism has been implemented. This mechanism adds an X-Hash
header to the request. The HMAC is generated using the SHA256 algorithm and the gateway API KEY
as the secret key.
HMAC Algorithm:
SHA256
Key Used:
Gateway API KEY
Header Name:
X-Hash
Implementation:
The
X-Hash
header is computed by applying the SHA256 HMAC algorithm to the webhook request body using theAPI KEY
.The resulting hash value is included in the
X-Hash
header of the webhook call.The server receiving the webhook should validate the
X-Hash
value by recomputing it using the received payload and then comparing it to theX-Hash
value provided in the header.
Verify your invoice (Optional)
Optionally, you can use the provided API to verify incoming invoices at your URL. This security check is recommended as an additional step to thwart any potential malicious activity.\
Optionally, you can utilize the provided API to verify incoming invoices at your specified URL. This security check is recommended as an additional step to thwart any potential malicious activity.
Verify your invoice
POST
https://api.nebulox.io/api/invoice/verify
Call this method to verify your invoice
Request Body
apiKey*
string
Your API key
trackingCode*
number
The tracking code of the invoice
Good to Know: Ensure that your Webhook URL is not only correctly set up to accept incoming POST requests but also configured accurately within Nebulox's settings. This meticulous setup guarantees seamless reception of timely updates about new transactions, allowing you to stay informed and responsive to the activities related to your provided address.
Last updated