Webhooks
We notify your web applications whenever transaction statuses change through web-hooks. We expect you to set your web-hook URL under your merchant account API settings by now.
Introduction
Webhook
Is also know as web callback or HTTP push API. It's a way for an app to provide other applications with real-time information or data.
The data can also be referred to as webhook or callback data.
The HTTP URL reserved to receive the data from another application(Dusupay) is called a webhook or callback URL
Therefore webhook and callback can be used inter-changeably
Webhook-hash
With reference to the webhook definition or understanding above, the webhook-hash is an extra piece of information that we include in the data sent to the webhook URL.
If you set your webhook-hash value under your merchant account API settings to say "XYZ", we will include a header webhook-hash with value "XYZ" Header: "webhook-hash: XYZ" This means that before your application where the webhook URL targets, receives data from Dusupay, it should first verify that the header "webhook-hash" contains the expected value "XYZ" known between Dusupay and the application receiving the information sent to the webhook URL as an extra level of security
NOTE We don't generate or provide you the webhook hash You are expected to simply generate a random string of at least 16 characters that cannot be guessed. Use it as the webhook hash value wherever you require to and set it under your merchant account.
NOTES
All
collection
andpayout
transactioncallbacks
will be sent to the URL set as thewebhook url
under your merchant account API settings.A
POST
request withjson data
will be sent to yourwebhook url
We require that you provide a secure
webhook url
. Therefore only,https
URLs can be set or notified.You will need to acknowledge receipt of the callback by responding with the HTTP status code
200
. Otherwise, we might keep calling your webhook URL at an interval of 10 minutes for 3 days.To ensure that the callback data sent to your
webhook URL
comes from our servers, you need to set acallback hash
under theApi Settings
.We will include a header called,
webhook-hash
in the request sent to the callback URL. e.g "webhook-hash: ***"You should check to make sure the,
webhook-hash
we sent matches what was set under your merchant account before giving value to the customer.
Responding to webhooks
We will stop calling you back if your callback URL responds with “HTTP status codes” below;
Code
Description
200
- OK
400
- Bad Request
401
- Unauthorised
403
- Forbidden
422
- Unprocessable entity.
Rejecting webhook
In a scenario where the transaction cannot be processed or you cannot give value, respond with HTTP codes below;
Code
Description
400
- Bad Request. - e.g when there’s a missing parameter
422
- Unprocessable entity. - e.g when the request is fine but you cannot complete it because the amount does not match what you expected.
KEYNOTE
Always verify the, amount
to make sure it matches what is meant to be paid
before giving value to the customer.
Last updated