Webhooks are currently in private Alpha. Please reach out if you’d like access.
Setup
Prerequisites
You will need:- Your CDP API Key ID and secret
- A webhook notification HTTPS URL
- (Recommended) Install cdpcurl
Create a webhook subscription
- Prepare your subscription configuration:
target.url
should be your webhook endpoint that will receive the events- You can also set a
headers
object intarget
if your url requires specific headers:
- All Onramp event types should be included to ensure you receive notifications for every Onramp transaction state change:
Event type | Description |
---|---|
onramp.transaction.created | New Onramp transaction created |
onramp.transaction.updated | Onramp transaction status changed |
onramp.transaction.success | Onramp transaction completed successfully |
onramp.transaction.failed | Onramp transaction failed |
Event type | Description |
---|---|
offramp.transaction.created | New Offramp transaction created |
offramp.transaction.updated | Offramp transaction status changed |
offramp.transaction.success | Offramp transaction completed successfully |
offramp.transaction.failed | Offramp transaction failed |
- Create the webhook subscription:
subscriptionId
from the response to view, update, or delete the subscription.
List all subscriptions
Webhook signature verification
Verify webhook signatures to ensure that requests are authentic. This protects your application from forged webhooks and potential security threats.
How it works
When you create a webhook subscription, the response includes a secret inmetadata.secret
. This secret is used to verify that incoming webhooks are authentic.
Each webhook request includes an X-Hook0-Signature
header containing:
t
field - the timestamph
field - list of headers included in the signaturev1
field - the signature
Implementation
Here’s an example of how to verify webhook signatures:Node.js
Node.js