Webhook Validation & Request Integrity
You can confirm the integrity of the webhooks we send to notify you of transaction progress using the same digital signature endpoint.
We send the webhook along with a signature field.
You can then sign the webhook (excluding the signature) with the digital signature endpoint and compare the signature value received from the endpoint with the signature value on the webhook sent; if they are different it means the body has been tampered with and the webhook should be discarded.
Digital Signature
The digital signature endpoint is used to sign request, and confirm data integrity (validate webhooks or callbacks)
In order to create a collection request the request first has to be signed at the digital signature endpoint. This allows us to confirm the integrity of the request reaching us before we process it.
Another transactions that has to be signed before posting is payout request.
How request are signed
Request are signed by posting them to the following endpoint and signing them with the approriate credentials
Collection Orders
Collection orders are signed with merchant and partner secret concatenated
Payout Orders
request are only signed with the merchant secrete keys.
Digital Signature
POST https://exchanger-api.fuspay.finance/api/v1/no-auth/PartnerP2P/SignRequestSha512/
The object is signed without including the signature field. Also sign exactly the fields that would be posted to the transaction endpoint (Collection or payout)
Please make sure we have whitelisted all your IPs
Headers
Content-Type*
String
application/json
Request Body
partner_order_id*
String
the order id on partners end
amount_to_collect*
String
the amount to be collected
timestamp*
String
the time the order was created
order_expiration*
String
the time the order would expire
currency*
String
the currency of collection eg GHS, NGN
partner_callback_url*
String
the url where payment confirmation would be posted
partner_redirect_url
String
partners site where users would be redirected after successful payment
secret*
String
merchant and partner secret. The keys are concatenated
intrapay_merchant_id
String
Your Id on the intrapay app
partner_id
String
Your partner id returned on the onboard endpoint
Sample code for collection
You can confirm the integrity of the webhooks we send to notify you of transaction progress using the same digital signature endpoint.
We send the webhook along with a signature field.
You can then sign the webhook (excluding the signature) with the digital signature endpoint and compare the signature value received from the endpoint with the signature value on the webhook sent; if they are different it means the body has been tampered with and the webhook should be discarded.
Digital Signature
POST https://exchanger-api.fuspay.finance/api/v1/no-auth/PartnerP2P/SignRequestSha512/
The object is signed without including the signature field. Also sign exactly the fields that would be posted to the transaction endpoint (Collection or payout)
Please make sure we have whitelisted all your IPs
Headers
Content-Type*
String
application/json
Request Body
partner_order_id*
String
the order id on partners end
amount_to_collect*
String
the amount to be collected
timestamp*
String
the time the order was created
order_expiration*
String
the time the order would expire
currency*
String
the currency of collection eg GHS, NGN
partner_callback_url*
String
the url where payment confirmation would be posted
partner_redirect_url
String
partners site where users would be redirected after successful payment
secret*
String
merchant and partner secret. The keys are concatenated
intrapay_merchant_id
String
Your Id on the intrapay app
partner_id
String
Your partner id returned on the onboard endpoint
Sample code for collection
Last updated