Receive POST requests to your URL automatically when an event occurs.
Webhook Secret Key
that’s generated when you create the endpoint. This key should be used to validate incoming webhooks using HMAC(sha512) signatures. Payvra sends the signature in the HMAC
HTTP header of each request.
Webhook Secret Key
created when the webhook was set up in the dashboard. Payvra uses your Webhook Secret Key
as the HMAC shared secret key to generate an HMAC(sha512) signature of the raw POST data. The HMAC signature is sent as an HTTP header called HMAC
. The body of the request contains the callback data in JSON format, similar to the Payment Information API response body.
endpoint URL
and inspect the callback data sent from Payvra. Note that Payvra payment callbacks will not be sent to private networks (e.g., localhost).
For local debugging, you can use services like https://ngrok.io to expose your local server to the internet and receive webhook callbacks.
To utilize the payment webhook, please follow these steps:
MERCHANT_API_KEY
to calculate the HMAC signature and compare it with the received HMAC header.Not receiving webhook notifications
endpoint URL
is correctly set and accessible from the
internet. - Check your server’s firewall settings to allow incoming requests
from Payvra. - Verify that your server is responding with a 200 OK status
and ‘ok’ message.Invalid HMAC signature
MERCHANT_API_KEY
or
PAYOUT_API_KEY
. - Ensure you’re calculating the HMAC signature on the raw
POST data, not the parsed JSON. - Verify that you’re using the SHA-512
algorithm for HMAC calculation.Webhook timeouts
Duplicate webhook notifications