Webhook Notifications

Webhooks provide a way to send real-time notifications to other systems when something happens in NeoDeos. For example, when a new transaction is created, NeoDeos sends a POST request to a preconfigured URL (called the "webhook URL").

This mechanism enables your system or application to respond to events as they occur—such as triggering a notification, updating a database, or initiating another workflow. Webhooks are commonly used to enable real-time integration between different platforms or services.

Webhook Configuration Guide

While creating a charge you could provide an optional webhook object:

Webhook config

{
  "webhook": {
    "url": "https://webhook.site/355353c235-7693-466b-9710-f6ca4e12344",
    "authorization": "Basic dXadfdhG9yZA=="
  }
}

• url is required, should be HTTPS and not an IP address
• authorization is optional and will be sent to webhook URL in the authorization header

Webhook Trigger Events

1. Payment Successful
2. Payment Failed
3. Transaction Status Update
4. Refunds and partial refunds issued

Example of webhook

Headers

Content-Type: application/json
Authorization: Basic dXNlcjpwYXNzd29yZA==
X-NeoDeos-Version: 1.0.1.0
X-NeoDeos-Signature: dCM6l9ngZMJXVappk73yS607k1K7byfyzTTdToaKMa8=

Body

{
  "meta": {
    "messageId": "bc4f056315d6e0205ab085dde45c4a46",
    "timestamp": "2023-01-19T20:37:12.8456589Z",
    "type": "transaction",
    "eventType": "transaction.status.changed"
  },
  "data": {
    "chargeId": "3f83ab8fdf624c649bc70bbba81d6c2b",
    "providerChargeId": "ch_3MYd2tE9mXU4onpB0r5iTsiL",
    "amount": 20,
    "providerId": "a26c371f-94f6-40da-add2-28ec8e9da8ed",
    "paymentInformation": {
      "paymentMethodId": "80da8c2d674b4d2e8c65a6520e89d070",
      "card": {
        "cardNumber": "4111********1111",
        "expiryDate": "12/25",
        "type": "VISA",
        "cardType": "CREDIT",
        "cardIin": "411"
      },
      "type": "CARD"
    },
    "customerId": "025c73d9cd0540e9a5a997f8ba97c732",
    "status": "SUCCESS",
    "dateAdded": "2023-02-06T22:20:19.0461561Z",
    "successDate": "2023-02-06T22:20:20.8655832Z",
    "estimatedCost": 0.2,
    "estimatedCostCurrency": "USD",
    "currency": "Usd",
    "refunds": [],
    "threeDsVerified": false
  }
}

Signature Validation

Because your webhook endpoint is publicly accessible, it’s important to confirm that each event notification actually originates from NeoDeos.

If a webhook request comes from an unauthorized source, it could pose a security risk to your system. Every webhook sent by NeoDeos includes an X-NeoDeos-Signature header.

This header contains an HMAC-SHA-256 hash, created using your webhook signature key and the raw request body. To validate the authenticity of the event, generate the HMAC-SHA-256 signature using your own webhook key (available in the NeoDeos dashboard), and compare it to the signature provided in the webhook header.