Webhook Setup
You can update the webhook anytime using the webhook update API using your API_SECRET. Or you can send us an email to update it for you.
You can see the Webhook Update Endpoint on how to update the Webhook.
Webhook Verification
Once you have updated the webhook endpoint for your server, it is also important that you verify if the webhook request has been really sent by us or not.
Verification is simple with a few lines of code.
We use svix
for our webhook delivery. We are listing the steps to verify for javascript below. If you are using any other server side language library, you can go to Svix's Documentation on how to verify.
For Js we are listing the step below:-
Step 1
Install the svix nodejs library
npm install svix
Step 2
On the server side the signature and a few other fields will be sent to you in your request. In node, you can access them using request.headers
. the headers object should look like this.
headers = {
host: '23cf-2601-645-8003-2b60-5dee-f36b-291-76bd.ngrok.io',
'user-agent': 'Svix-Webhooks/1.4.1',
'content-length': '39',
accept: '*/*',
'content-type': 'application/json',
'svix-id': 'msg_2KnH2HzLCUKDNyinWzgYZxh3qrb',
'svix-signature': 'v1,xskL++IM9h9I0uObiMjWv+DP3QLkp9hhl6mRWS6sbt4=',
'svix-timestamp': '1674603361',
'x-forwarded-for': '63.33.109.123',
'x-forwarded-proto': 'https',
'accept-encoding': 'gzip'
}
Step 3
You can now verify the request like this.
import { Webhook } from "svix";
const secret = "whsec_MfKQ9r8GKYqrTwjUPD8ILPZIo2LaLaSw";
// These were all sent from the server
const headers = {
"svix-id": "msg_p5jXN8AQM9LWM0D4loKWxJek",
"svix-timestamp": "1614265330",
"svix-signature": "v1,g0hM9SsE+OTPJTGt/tmIKtSyZlE3uFJELVlNIOLJ1OE=",
};
const payload = '{"orderId":"12345","chainId":"polygon-pos","tokenSymbol":"USDT","tokenAmount":"1.4","fiatCurrency":"USD","fiatAmount":"200","transactionHash":"0xhashofthetransaction"}';
const wh = new Webhook(secret);
// Throws on error, returns the verified content on success
const payload = wh.verify(payload, headers);
secret
is your API_SECRET.
headers
are these three fields extracted from the headers server.
payload
is the body header.
Step 4
Extract fields from the payload for your use. Here are all the fields in the payload.
Name | Description |
---|---|
orderId | Order Id for Magik |
partnerContext | Json Object provided by you. Use this to identify order in your DB. |
chainId | Chain Id of the token |
tokenSymbol | Symbol of the Token |
tokenAddress | Address of the token |
fiatCurrency | Currency Code of the fiat Currency |
fiatAmount | Amount paid by user in fiat Amount |
transactionHash | hash of the transaction in 0x letters |