Webhook Events

A webhook is a way to provide other applications with real-time information. When an event occurs in the payFURL (such as a new charge is created), payFURL sends a request to a specified URL (known as a "webhook URL").

This allows other applications to take action based on the event, such as sending an email or creating a new record in a database. Webhooks are typically used to integrate one application with another, allowing them to work together in real time.

How to create a webhook

While creating a charge you could provide an optional webhook object:

Webhook config

{
  "webhook": {
    "url": "https://webhook.site/1752c235-7693-466b-9710-f6ca4e0f8255",
    "authorization": "Basic dXNlcjpwYXNzd29yZA=="
  }
}

• url is required, should be HTTPS and not an IP address
• authorization is optional and will be sent to webhook URL in the authorization header

Event when webhook will be sent

1. Successful payment;
2. Failed payment;
3. Status update of the transaction;
4. Refunds and partial refunds.

Example of webhook

Headers

Content-Type: application/json
Authorization: Basic dXNlcjpwYXNzd29yZA==
X-Payfurl-Version: 1.17.1.0
X-Payfurl-Signature: dCM6l9ngZMJXVappk73yS607k1K7byfyzTTdToaKMa8=

Body

{
  "meta": {
    "messageId": "bc4f056315d6e0205ab085dde45c4a46",
    "timestamp": "2023-01-19T20:37:12.8456589Z",
    "type": "transaction",
    "eventType": "transaction.status.changed"
  },
  "data": {
    "chargeId": "3f83ab8fdf624c649bc70bbba81d6c2b",
    "providerChargeId": "ch_3MYd2tE9mXU4onpB0r5iTsiL",
    "amount": 20,
    "providerId": "a26c371f-94f6-40da-add2-28ec8e9da8ed",
    "paymentInformation": {
      "paymentMethodId": "80da8c2d674b4d2e8c65a6520e89d070",
      "card": {
        "cardNumber": "4111********1111",
        "expiryDate": "12/25",
        "type": "VISA",
        "cardType": "CREDIT",
        "cardIin": "411"
      },
      "type": "CARD"
    },
    "customerId": "025c73d9cd0540e9a5a997f8ba97c732",
    "status": "SUCCESS",
    "dateAdded": "2023-02-06T22:20:19.0461561Z",
    "successDate": "2023-02-06T22:20:20.8655832Z",
    "estimatedCost": 0.2,
    "estimatedCostCurrency": "AUD",
    "currency": "Aud",
    "refunds": [],
    "threeDsVerified": false
  }
}

Verify Signature

Since your notification URL is publicly accessible and can be reached by anyone, it's necessary to verify each event notification to ensure that it was sent by payFURL.

An event notification that did not come from payFURL could potentially compromise your application. All webhook notifications from payFURL include an X-Payfurl-Signature header.

This header contains an HMAC-SHA-256 signature that is generated using your webhook signature key and the body of the request. To validate the webhook notification, you need to generate the HMAC-SHA-256 value based on webhook signing key (copy from payFURL dashboard) in your code and compare it to the signature of the event notification you received.

For deserializing webhook please use SDKs:

C#

var transaction = payfurl.sdk.WebhookTools.DeserializeTransaction(requestBody, signatureHeader, webhookSignatureKey);

Java

WebhookTransaction webhookTransaction = WebhookTools.deserializeTransaction(requestBody, signatureHeader, webhookSignatureKey);

PHP

$webhookTransaction = WebhookTools::DeserializeTransaction(self::requestBody, self::signatureHeader, self::webhookSignatureKey);