Webhook Setup

You can update the webhook anytime using the webhook update API using your API_SECRET. Or you can send us an email to update it for you.

You can see the Webhook Update Endpoint on how to update the Webhook.

Webhook Verification

Once you have updated the webhook endpoint for your server, it is also important that you verify if the webhook request has been really sent by us or not.

Verification is simple with a few lines of code.

We use svix for our webhook delivery. We are listing the steps to verify for javascript below. If you are using any other server side language library, you can go to Svix's Documentation on how to verify.

For Js we are listing the step below:-

Step 1

Install the svix nodejs library

npm install svix

Step 2

On the server side the signature and a few other fields will be sent to you in your request. In node, you can access them using request.headers. the headers object should look like this.

headers = {
  host: '23cf-2601-645-8003-2b60-5dee-f36b-291-76bd.ngrok.io',
  'user-agent': 'Svix-Webhooks/1.4.1',
  'content-length': '39',
  accept: '*/*',
  'content-type': 'application/json',
  'svix-id': 'msg_2KnH2HzLCUKDNyinWzgYZxh3qrb',
  'svix-signature': 'v1,xskL++IM9h9I0uObiMjWv+DP3QLkp9hhl6mRWS6sbt4=',
  'svix-timestamp': '1674603361',
  'x-forwarded-for': '',
  'x-forwarded-proto': 'https',
  'accept-encoding': 'gzip'

Step 3

You can now verify the request like this.

import { Webhook } from "svix";

const secret = "whsec_MfKQ9r8GKYqrTwjUPD8ILPZIo2LaLaSw";

// These were all sent from the server
const headers = {
  "svix-id": "msg_p5jXN8AQM9LWM0D4loKWxJek",
  "svix-timestamp": "1614265330",
  "svix-signature": "v1,g0hM9SsE+OTPJTGt/tmIKtSyZlE3uFJELVlNIOLJ1OE=",
const payload = '{"orderId":"12345","chainId":"polygon-pos","tokenSymbol":"USDT","tokenAmount":"1.4","fiatCurrency":"USD","fiatAmount":"200","transactionHash":"0xhashofthetransaction"}';

const wh = new Webhook(secret);
// Throws on error, returns the verified content on success
const payload = wh.verify(payload, headers);

secret is your API_SECRET.

headers are these three fields extracted from the headers server.

payload is the body header.

Step 4

Extract fields from the payload for your use. Here are all the fields in the payload.

orderIdOrder Id for Magik
partnerContextJson Object provided by you. Use this to identify order in your DB.
chainIdChain Id of the token
tokenSymbolSymbol of the Token
tokenAddressAddress of the token
fiatCurrencyCurrency Code of the fiat Currency
fiatAmountAmount paid by user in fiat Amount
transactionHashhash of the transaction in 0x letters