Webhooks
Webhooks
Thepeer utilizes webhooks to send data for certain events. One of these events is when a business is on the receiving end of a transaction. We notify the business via webhook on this occasion.
Another event is when a user is about to charge their wallet. We send an authorization payload via webhook to the business for authorization of the charge.
Prerequisite
To be able to receive messages from Thepeer via webhook, we would need your webhook URL.
To enter your webhook URL on your Thepeer dashboard, navigate to the Settings
page and click API Keys & Webhooks
on the tab menu.
Enter your webhook URL in the input field and click Save Information
.
The Retry webhook
check indicates to Thepeer to keep sending webhook messages until you successfully verify them.
- You must set your webhook URL on your business dashboard in order to receive webhook notifications.
Webhook Verification
Valid webhook requests contain a X-Thepeer-Signature header, which is a hex-encoded HMAC SHA1
signature of the request body.
Steps to Verify a Webhook
- Sign the request body with
HMAC SHA1
using your Thepeer secret key. - Compare the result with the value of the
X-Thepeer-Signature
header. If they match, then the request is indeed from Thepeer and then you can return a200
.
Here’s an implementation in php:
<?php
$signature = hash_hmac('sha1', '{"message":"test signing"}', 'YOUR_SECRET_KEY');
if ($signature === $_SERVER['X-Thepeer-Signature']) {
// return status 200
} else {
// return status 406
}
?>
- You must return status 200 if a webhook verification is successful.Thepeer will retry 10 times at 5 minute intervals.