Processing WebHook Notifications

Behavior of webhook notifications described here and notification verification is here. SDK incapsulates verification logic providing an easy way to validate notification. But there are some important points.

Method

Validation of notification requires such properties:

• method - Notification request method

• url - Notification request url. For example if your server under domain example.com handles notification by path /0xpay than url will be example.com/0xpay. You can access it by concatenating header "host" and request path(url).

• timestamp - Unix timestamp, receiving in headers

• signature - Notification signature, receiving in headers

• rawBody - String of unparsed request body

XPay.validateWebhookRequest({
    method: 'POST',
    url: 'domain.com/ipn',
    timestamp: 1672158945,
    signature: 'signature',
    rawBody: '{ ... }'
})

Verifying a notification (webhook)

Example with express:

import { XPay } from '@0xpay/sdk'
import express from 'express'

// Create XPay instance
const xpay = new XPay(...)

express().post('/ipn', express.text(), (req, res) => {
  const validationError = xpay.validateWebhookRequest({
     method: req.method,
     url: req.get('host') + req.originalUrl,
     timestamp: req.get('timestamp'),
     signature: req.get('signature'),
     rawBody: req.body
  })
  if (validationError) throw new Error(validationError.description)

  const ipn = JSON.parse(req.body)

  // processing your ipn...

  res.send('OK')
})