Skip to main content

Webhooks

Webhooks

Thepeer utilizes webhooks to send data for certain events. One of these events is when a business is on the receiving end of a transaction. We notify the business via webhook on this occasion.


Another event is when a user is about to charge their wallet. We send an authorization payload via webhook to the business for authorization of the charge.


Prerequisite

To be able to receive messages from Thepeer via webhook, we would need your webhook URL.


To enter your webhook URL on your Thepeer dashboard, navigate to the Settings page and click API Keys & Webhooks on the tab menu.


Enter your webhook URL in the input field and click Save Information.


The Retry webhook check indicates to Thepeer to keep sending webhook messages until you successfully verify them.

    You must set your webhook URL on your business dashboard in order to receive webhook notifications.

Webhook Verification

Valid webhook requests contain a X-Thepeer-Signature header, which is a hex-encoded HMAC SHA1 signature of the request body.


Steps to Verify a Webhook

  1. Sign the request body with HMAC SHA1 using your Thepeer secret key.
  2. Compare the result with the value of the X-Thepeer-Signature header. If they match, then the request is indeed from Thepeer and then you can return a 200.

Here’s an implementation in php:


php
<?php
$signature = hash_hmac('sha1', '{"message":"test signing"}', 'YOUR_SECRET_KEY');
if ($signature === $_SERVER['X-Thepeer-Signature']) {
// return status 200
} else {
// return status 406
}
?>
    You must return status 200 if a webhook verification is successful.Thepeer will retry 10 times at 5 minute intervals.