Webhooks
This page will help you get started with our webhooks.
Headers
Body
First set up your webhook URL in the Chargeblast dashboard in the settings tab.
Chargeblast will begin emitting events to your webhook URL with the following schema. These events will be fired anytime a new alert is generated.
The externalOrder
field is not available in the alert.created
event.
Please use the alert.updated
event if you require this field.
Authentication
To authenticate the integrity of incoming webhooks, a header is passed into the post request to your endpoint under the header name svix-signature
. The value in this header is an HMAC-SHA256 encoded string using the payload of the request with the webhook secret as key.
In order to authenticate the request, you perform a HMAC-SHA256 encoding using a concat of webhook request body, svix_timestamp
and svix_id
and your webhook secret (whsec_xxxxxxxxxxxx) and ensure these strings match. Then input string to SHA256 HMAC will look like:
signedContent = "${svix_id}.${svix_timestamp}.${body}"
This is a common method for ensuring that the webhook messages you receive in your server are from a trusted source and haven’t been tampered with.
Types
There is currently the following webhook types:
alert.created
: transmitted when an alert is first created.alert.updated
: transmitted when an alert’s status is updated. Use this if you requireexternalOrder
the field.alert.refunded
: transmitted when an alert triggers a transaction to be refunded.