Skip to main content

Webhooks

Whenever a transaction is initiated, we update the merchant on the status of the transaction with the help of webhooks. Our on boarding team will share the IP Address from which webhook calls will be made to the merchants endpoints. We advice the merchant to whitelist only these IP Addresses from which legitimate calls from Zamp will be delivered.

IP Addresses to be whitelisted by merchants

  • Stage Env: 34.87.148.68
  • Prod Env: 35.240.227.82

Once the merchant recevies the webhook call, we first request the merchant to validate if the call is truly made by Zamp. In order to validate that, we request you to extract the header key X-ZAMP-Signature and validate against the logic below. The message consists of comma seperated string with values payment_session_id, status of paymentSession The result of the code block below and the value present in the X-ZAMP-Signature key should match. 

const message = "merchant_uNR5Kc6a2zTdfqbLsDwxUZ_06_15,initiated";
const sha_message = CryptoJS.SHA256(`${message}:${ZAMP_SECRET}`);
const x_zamp_signature = CryptoJS.enc.Base64.stringify(sha_message);

Request Body : The request body will consist of the transaction_type and transaction_id. The data passed on the request body will be same as that particular transaction type's GET API.

For example, if the transaction is of type payment_session, the response in the data parameter will the same result of API GET https://api.zamplabs.com/payment/v1/payment-sessions/{payment-session-id}. 

{
    "transaction_type": "{{payment_session/refund}}",
    "transaction_id": "{{payment_session_id/refund_id}}}",
    "data":{
        "id": "merchant_uNR5Kc6a2zTdfqbLsDwxUZ_06_15",
        "reference_id": "asdaswqwqwewqe",
        "merchant_id": "merchant_9GtnphjB6rbcvwb7eP5xid_05_27",
        "status": "initiated",
        "failure_code": "",
        "amount": 100,
        "source_currency": "USD",
        "source_account": "0xC8a65Fadf0e0dDAf421F28FEAb69Bf6E2E589963",
        "payment_option_id": "merchant_9GthjB6rbcvwb7eP5xid_05_27",
        "payment_option_code": "Metamask",
        "success_redirect_url": "https://merchantWebsite.com/crypto_payment_initiated",
        "failure_redirect_url": "https://merchantWebsite.com/crypto_payment_failed",
        "risk_score": "lowRisk",
        "created_at": "2022-06-15T06:33:20.656893Z",
        "updated_at": "2022-06-15T07:12:29.476202Z",
        "expires_at": "2022-06-15T07:33:20.654882583Z"
    }
}

Expected Response, Retries

We expect the merchant to return a HTTP 200 OK status in case they have received the message. In the absence of a HTTP 200 OK response, Zamp will retry the webook with backoff exponential logic with a doubling delay. Retries will be done for a maximum of 24 hours.