Docs Webhooks

Webhooks & Event Logic

Listen to real-time events on your server to update your application state. Our webhooks are signed for security.

Signature Verification

Always verify the webhook signature to protect against spoofing. We sign the request body using your Webhook Secret via HMAC-SHA512. Header: X-HwebPay-Signature.

Verification Example (PHP)

$signature = $_SERVER['HTTP_X_HWEBPAY_SIGNATURE'];
$payload = file_get_contents('php://input');
$secret = 'your_webhook_secret';

$computedSignature = hash_hmac('sha512', $payload, $secret);

if (hash_equals($computedSignature, $signature)) {
    // Signature Valid - Process Event
    $event = json_decode($payload, true);
}

Supported Events

transaction.success	A payment on a dynamic virtual account was successfully received.
transfer.received	A direct transfer to a static virtual account was received.
payout.processed	A withdrawal to your bank account has been processed successfully.
refund.completed	A refund has been successfully settled to the customer.

Sample Payload

{
  "event": "transaction.success",
  "data": {
    "uuid": "98234-712-412",
    "amount": 5000,
    "reference": "HP_ABC123",
    "customer_email": "customer@mail.com"
  },
  "created_at": "2023-12-27T15:30:00Z"
}

Wallet Generation

Idempotency

Developer Community