# Webhook Validation & Request Integrity

You can confirm the integrity of the webhooks we send to notify you of transaction progress using the same digital signature endpoint.

We send the webhook along with a signature field.

You can then sign the webhook (excluding the signature field) with the digital signature endpoint and compare the signature value returned by the endpoint with the signature value on the webhook you received. If they differ, the body has been tampered with and the webhook should be discarded.
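The check described above, as an added example that is not part of the original documentation. `signFn` is a hypothetical caller-supplied function that posts the unsigned object to the digital signature endpoint and resolves to the returned signature string; `demoSign`, `DEMO_SECRET` and the `status` field are constructed stand-ins so the block runs offline, and do not reproduce the service's signing algorithm.

```javascript
const crypto = require('crypto');

// Return a copy of the webhook body without its signature field,
// which is the object the page says must be signed.
function stripSignature(webhook) {
  const { signature, ...unsigned } = webhook;
  return unsigned;
}

// Constant-time string comparison; rejects missing or non-string values.
function signaturesMatch(expected, received) {
  if (typeof expected !== 'string' || typeof received !== 'string') return false;
  const a = Buffer.from(expected, 'utf8');
  const b = Buffer.from(received, 'utf8');
  return a.length === b.length && crypto.timingSafeEqual(a, b);
}

// signFn (assumption): async function that sends the unsigned object to the
// digital signature endpoint and resolves to the signature it returns.
async function verifyWebhook(webhook, signFn) {
  if (webhook === null || typeof webhook !== 'object') return false;
  const expected = await signFn(stripSignature(webhook));
  return signaturesMatch(expected, webhook.signature);
}

// Constructed stand-in for the endpoint so the example runs offline.
// It is NOT the service's algorithm; only the strip-and-compare logic matters.
const DEMO_SECRET = 'constructed-demo-secret';
async function demoSign(payload) {
  return crypto.createHash('sha512')
    .update(JSON.stringify(payload) + DEMO_SECRET)
    .digest('hex');
}

// Constructed sample webhook: genuine, tampered after signing, and unsigned.
async function demo() {
  const body = { partner_order_id: 'DEMO-ORDER-001', status: 'paid' };
  const genuine = { ...body, signature: await demoSign(body) };
  const tampered = { ...genuine, status: 'failed' };
  return {
    genuine: await verifyWebhook(genuine, demoSign),
    tampered: await verifyWebhook(tampered, demoSign),
    unsigned: await verifyWebhook(body, demoSign),
  };
}

demo().then((result) => console.log(result));
```

A webhook with no signature field is rejected rather than treated as valid, and the comparison does not leak how many leading characters matched.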

## Digital Signature

The digital signature endpoint is used to sign requests and to confirm data integrity (validate webhooks or callbacks).

To create a collection request, the request must first be signed at the digital signature endpoint. This allows us to confirm the integrity of the request reaching us before we process it.

Payout requests must also be signed before they are posted.

### How requests are signed

Requests are signed by posting them to the following endpoint and signing them with the appropriate credentials.

#### Collection Orders

Collection orders are signed with the merchant and partner secrets concatenated.

#### Payout Orders

Payout requests are signed only with the merchant secret keys.

### Digital Signature

<mark style="color:green;">`POST`</mark> `https://exchanger-api.fuspay.finance/api/v1/no-auth/PartnerP2P/SignRequestSha512/`

The object is signed without including the signature field. Sign exactly the fields that will be posted to the transaction endpoint (collection or payout).

<mark style="color:red;">**Please make sure we have whitelisted all your IPs**</mark>

#### Headers

| Name                                           | Type   | Description      |
| ---------------------------------------------- | ------ | ---------------- |
| Content-Type<mark style="color:red;">\*</mark> | String | application/json |

#### Request Body

| Name                                                     | Type   | Description                                                            |
| -------------------------------------------------------- | ------ | ---------------------------------------------------------------------- |
| partner\_order\_id<mark style="color:red;">\*</mark>     | String | The order ID on the partner's end                                        |
| amount\_to\_collect<mark style="color:red;">\*</mark>    | String | The amount to be collected                                               |
| timestamp<mark style="color:red;">\*</mark>              | String | The time the order was created                                           |
| order\_expiration<mark style="color:red;">\*</mark>      | String | The time the order would expire                                          |
| currency<mark style="color:red;">\*</mark>               | String | The currency of collection, e.g. GHS, NGN                                |
| partner\_callback\_url<mark style="color:red;">\*</mark> | String | The URL where payment confirmation would be posted                       |
| partner\_redirect\_url                                   | String | Partner's site where users would be redirected after successful payment  |
| secret<mark style="color:red;">\*</mark>                 | String | Merchant and partner secret. The keys are concatenated                   |
| intrapay\_merchant\_id                                   | String | Your ID on the intrapay app                                              |
| partner\_id                                              | String | Your partner ID returned by the onboard endpoint                         |

#### Sample code for collection

{% tabs %}
{% tab title="NodeJs" %}

```javascript
const request = require('request');

// Collection order to be signed. Include exactly the fields that will be
// posted to the collection endpoint, and leave out the signature field.
const options = {
  method: 'POST',
  url: 'https://exchanger-api.fuspay.finance/api/v1/no-auth/PartnerP2P/SignRequestSha512',
  headers: {'Content-Type': 'application/json'},
  body: {
    partner_order_id: 'FUSPAY-00400-001-091-008',
    amount_to_collect: '30',
    timestamp: 1693285902419,
    order_expiration: 1693285902419,
    intrapay_merchant_id: "",
    partner_id: "",
    currency: 'NGN',
    partner_callback_url: 'https://webhook.site/xxxxxxxx',
    partner_redirect_url: 'https://google.com',
    // Merchant and partner secrets concatenated (collection orders)
    secret: '4LJDHGA-SJTECNA-XXXX-XXXXsk_partner_ph25sjy-qtfeoxy-rqbvzyq-z-xx'
  },
  json: true // serialize the body as JSON and parse the JSON response
};

request(options, function (error, response, body) {
  if (error) throw new Error(error);

  // The response body carries the signature for the posted object
  console.log(body);
});

{% endtab %}
{% endtabs %}



