Processing WebHook Notifications

Behavior of webhook notifications described here and notification verification is here. SDK incapsulates verification logic providing an easy way to validate notification. But there are some important points.


Validation of notification requires such properties:

  • method - Notification request method

  • url - Notification request url. For example if your server under domain handles notification by path /0xpay than url will be You can access it by concatenating header "host" and request path(url).

  • timestamp - Unix timestamp, receiving in headers

  • signature - Notification signature, receiving in headers

  • rawBody - String of unparsed request body

    method: 'POST',
    url: '',
    timestamp: 1672158945,
    signature: 'signature',
    rawBody: '{ ... }'

Verifying a notification (webhook)

Example with express:

import { XPay } from '@0xpay/sdk'
import express from 'express'

// Create XPay instance
const xpay = new XPay(...)

express().post('/ipn', express.text(), (req, res) => {
  const validationError = xpay.validateWebhookRequest({
     method: req.method,
     url: req.get('host') + req.originalUrl,
     timestamp: req.get('timestamp'),
     signature: req.get('signature'),
     rawBody: req.body
  if (validationError) throw new Error(validationError.description)

  const ipn = JSON.parse(req.body)

  // processing your ipn...


Last updated