Merchants can configure webhook endpoints through their dashboard to receive notifications when specific events occur. When configured events happen, Payvra will send notifications in JSON format with all required information about the transaction, such as the amount and status.

Setting Up Webhooks

  1. Navigate to the Webhooks section in your Payvra dashboard
  2. Click “Add Webhook Endpoint”
  3. Enter your endpoint URL where you want to receive notifications
  4. Select the events you want to subscribe to (e.g., PAYMENT_CREATED, PAYMENT_COMPLETED)
  5. Save the webhook configuration to receive your unique Webhook Secret Key
Each webhook endpoint can be configured independently with its own secret key and event subscriptions. You can add multiple endpoints and manage them through the dashboard. The webhook endpoint must return an HTTP Response 200 with content: ok for Payvra API to confirm the callback as successful. The system will try to deliver a webhook notification up to 5 times or until a successful delivery occurs, whichever happens first. If the first attempt fails, the second one is triggered after approximately 1 minute. The third one is delayed for 3 more minutes, the fourth for 30 minutes, and the last one for 3 hours.

Webhook Security

Each webhook endpoint has its own Webhook Secret Key that’s generated when you create the endpoint. This key should be used to validate incoming webhooks using HMAC(sha512) signatures. Payvra sends the signature in the HMAC HTTP header of each request.

Validating Callbacks

Merchants must validate the signature of callbacks coming from Payvra using their Webhook Secret Key created when the webhook was set up in the dashboard. Payvra uses your Webhook Secret Key as the HMAC shared secret key to generate an HMAC(sha512) signature of the raw POST data. The HMAC signature is sent as an HTTP header called HMAC. The body of the request contains the callback data in JSON format, similar to the Payment Information API response body.

Testing Webhook

For payment callback handling, you can use tools like requestcatcher.com to create a test endpoint URL and inspect the callback data sent from Payvra. Note that Payvra payment callbacks will not be sent to private networks (e.g., localhost). For local debugging, you can use services like https://ngrok.io to expose your local server to the internet and receive webhook callbacks. To utilize the payment webhook, please follow these steps:
  1. Create a web server and define an endpoint to handle POST requests.
    • Ensure that the firewall software on your server (e.g., Cloudflare) allows incoming requests from Payvra. You may need to whitelist Payvra’s IP addresses on your side. Please reach out to support@payvra.com to obtain the list of IP addresses.
  2. Configure your server to receive POST requests at the specified endpoint URL.
    • The POST request body will contain the necessary parameters sent by Payvra in JSON format.
  3. Validate the HMAC signature of the request to ensure the authenticity of the callback.
    • Use your MERCHANT_API_KEY to calculate the HMAC signature and compare it with the received HMAC header.
  4. Process the callback data accordingly based on the status and other parameters provided.

Sample Payment IPN data

In this section, we will provide examples of the data Payvra send to your system at various stages of the payment process. 
{
  "eventType": "PAYMENT_CREATED",
  "id": "cm2m00tok2221w6pp7mmabhn7",
  "merchantId": "cm1av4q2l60002638vzvdzweu",
  "paymentUrl": "https://payvra.com/payment/cm2m00tok2221w6pp7mmabhn7",
  "status": "PENDING",
  "address": "bc1qxy2kgdygjrsqtzq2n0yrf2493p83kkfjhx0wlh",
  "amount": 100.0,
  "amountCurrency": "USD",
  "rate": 0.014285,
  "payAmount": 1.428571,
  "cryptoCurrency": {
    "symbol": "LTC"
  },
  "network": {
    "network": "Litecoin"
  },
  "feePaidByPayer": true,
  "underPaidCover": 5,
  "isWhiteLabel": false,
  "returnUrl": "https://your-return-url.com",
  "expiresAt": "2024-10-24T14:57:49.123Z",
  "createdAt": "2024-10-23T14:57:49.124Z"
}

Sample Payout IPN data

In this section, we will provide examples of the data Payvra send to your system at various stages of the payment process. 
{
  "eventType": "PAYOUT_CREATED",
  "id": "cm2m00tok2221w6pp7mmabhn7",
  "wallet": {
    "merchantId": "cm1av4q2l60002638vzvdzweu",
    "currency": {
      "symbol": "USDT"
    }
  },
  "network": {
    "network": "TRC20"
  },
  "status": "PROCESSING",
  "address": "TRx2m00tok2221w6pp7mmabhn7USDT",
  "txHash": null,
  "amount": 1000.0,
  "createdAt": "2024-10-23T14:57:49.124Z"
}

Example codes

<?php
// Get the request data
$postData = file_get_contents('php://input');
$data = json_decode($postData, true);

$hmacHeader = $_SERVER['HTTP_HMAC'];
$calculatedHmac = hash_hmac('sha512', $postData, 'YOUR_WEBHOOK_SECRET_KEY');

if ($calculatedHmac === $hmacHeader) {
    // HMAC signature is valid
    // Process the callback data
    if ($data['eventType'] === 'PAYMENT_CREATED') {
        echo 'Received payment callback: ' . json_encode($data);
        // Process payment data here
    } elseif ($data['eventType'] === 'PAYMENT_COMPLETED') {
        echo 'Received payment callback: ' . json_encode($data);
        // Process payment data here
    }

    // Return HTTP Response 200 with content "OK"
    http_response_code(200);
    echo 'OK';
} else {
    // HMAC signature is not valid
    // Handle the error accordingly
    http_response_code(400);
    echo 'Invalid HMAC signature';
}
?>
Again, please note that these code snippets serve as examples and may require modifications based on your specific implementation and framework.

Troubleshooting

Here are some common issues you might encounter when implementing webhooks and how to solve them:
If you’re still experiencing issues after trying these solutions, please contact our support team at support@payvra.com for further assistance.