Documentation
Search
K
Comment on page

Callbacks

To receive order status transition updates in a "push" manner you might consider using callbacks.

Setup callback

In order to receive you firstly need to specify the endpoint where you expect a callback to come.
Use add setting endpoint to specify the:
  • callback url [required] - use callback.url setting name
  • callback secret [optional] - use callback.secret setting name
If callback.secret is set up a special header will be passed along with every callback request:
X-Payload-Digest
The value of it is a HmacSHA1 signature of the callback's body created using the callback secret provided by the user.
Ip of callback sender:
3.64.51.60

Callback

The callback is executed as a POST request to the callback.url endpoint provided by the user. If provided endpoint for some reason (bad status code, timeout, etc) can't handle callback it will be retried multiple times.
POST {callback.url}
Content-Type: application/json
X-Payload-Digest: {signature}
{
"amount": 100.0,
"balanceAfterPayment": 534.71672,
"clientOrderId": null,
"comment": null,
"createdAt": "2022-01-18T10:16:00.577807Z",
"currency": "USDT",
"externalId": "externalId",
"id": "PMT-18162cf8-ea1c-4210-ab6b-e73286b923df",
"method": "CRYPTOCOIN",
"orderId": "ORD-81b84975-4487-43f4-a8ab-57a95ee4e695",
"orderType": "PAYIN",
"payUrl": null,
"payinBankAccount": null,
"payoutCardNumber": null,
"payoutCryptoAddress": null,
"reason": null,
"status": "SUCCESS",
"transactionType": "DEBIT",
"transferTo": null
}

Python code callback verification example

import hashlib
import hmac
import binascii
SECRET = 'secret_value' #value set in cabinet callback settings
def verifySignature(callback_raw_response, callback_headers):
callback_signature = callback_headers['X-Payload-Digest']
dig = hmac.new(bytes(SECRET , 'utf-8'), bytes(callback_raw_response , 'utf-8'), hashlib.sha1).digest()
signature = binascii.hexlify(dig).decode()
return callback_signature == signature
callback_raw_response = '{"field":"value"}' # use raw unformatted response body
callback_headers = {"X-Payload-Digest": "7e36242a10fd65cbaacd7ff288df9fd3f9e75a46"} # header from response
print(verifySignature(callback_raw_response, callback_headers))