Webhook Validation & Request Integrity

You can confirm the integrity of the webhooks we send to notify you of transaction progress using the same digital signature endpoint.

We send the webhook along with a signature field.

You can then sign the webhook (excluding the signature) with the digital signature endpoint and compare the signature value received from the endpoint with the signature value on the webhook sent; if they are different it means the body has been tampered with and the webhook should be discarded.

Digital Signature

The digital signature endpoint is used to sign request, and confirm data integrity (validate webhooks or callbacks)

In order to create a collection request the request first has to be signed at the digital signature endpoint. This allows us to confirm the integrity of the request reaching us before we process it.

Another transactions that has to be signed before posting is payout request.

How request are signed

Request are signed by posting them to the following endpoint and signing them with the approriate credentials

Collection Orders

Collection orders are signed with merchant and partner secret concatenated

Payout Orders

request are only signed with the merchant secrete keys.

Digital Signature

POST https://exchanger-api.fuspay.finance/api/v1/no-auth/PartnerP2P/SignRequestSha512/

The object is signed without including the signature field. Also sign exactly the fields that would be posted to the transaction endpoint (Collection or payout)

Please make sure we have whitelisted all your IPs

Headers

Name
Type
Description

Content-Type*

String

application/json

Request Body

Name
Type
Description

partner_order_id*

String

the order id on partners end

amount_to_collect*

String

the amount to be collected

timestamp*

String

the time the order was created

order_expiration*

String

the time the order would expire

currency*

String

the currency of collection eg GHS, NGN

partner_callback_url*

String

the url where payment confirmation would be posted

partner_redirect_url

String

partners site where users would be redirected after successful payment

secret*

String

merchant and partner secret. The keys are concatenated

intrapay_merchant_id

String

Your Id on the intrapay app

partner_id

String

Your partner id returned on the onboard endpoint

Sample code for collection

const request = require('request');


const options = {
  method: 'POST',
  url: 'https://exchanger-api.fuspay.finance/api/v1/no-auth/PartnerP2P/SignRequestSha512',
  headers: {'Content-Type': 'application/json'},
  body: {
    partner_order_id: 'FUSPAY-00400-001-091-008',
    amount_to_collect: '30',
    timestamp: 1693285902419,
    order_expiration: 1693285902419,
    intrapay_merchant_id: "",
    partner_id: ""
    currency: 'NGN',
    partner_callback_url: 'https://webhook.site/xxxxxxxx',
    partner_redirect_url: 'https://google.com',
    secret: '4LJDHGA-SJTECNA-XXXX-XXXXsk_partner_ph25sjy-qtfeoxy-rqbvzyq-z-xx'
  },
  json: true
};

request(options, function (error, response, body) {
  if (error) throw new Error(error);

  console.log(body);
});

You can confirm the integrity of the webhooks we send to notify you of transaction progress using the same digital signature endpoint.

We send the webhook along with a signature field.

You can then sign the webhook (excluding the signature) with the digital signature endpoint and compare the signature value received from the endpoint with the signature value on the webhook sent; if they are different it means the body has been tampered with and the webhook should be discarded.

Digital Signature

POST https://exchanger-api.fuspay.finance/api/v1/no-auth/PartnerP2P/SignRequestSha512/

The object is signed without including the signature field. Also sign exactly the fields that would be posted to the transaction endpoint (Collection or payout)

Please make sure we have whitelisted all your IPs

Headers

Name
Type
Description

Content-Type*

String

application/json

Request Body

Name
Type
Description

partner_order_id*

String

the order id on partners end

amount_to_collect*

String

the amount to be collected

timestamp*

String

the time the order was created

order_expiration*

String

the time the order would expire

currency*

String

the currency of collection eg GHS, NGN

partner_callback_url*

String

the url where payment confirmation would be posted

partner_redirect_url

String

partners site where users would be redirected after successful payment

secret*

String

merchant and partner secret. The keys are concatenated

intrapay_merchant_id

String

Your Id on the intrapay app

partner_id

String

Your partner id returned on the onboard endpoint

Sample code for collection

const request = require('request');


const options = {
  method: 'POST',
  url: 'https://exchanger-api.fuspay.finance/api/v1/no-auth/PartnerP2P/SignRequestSha512',
  headers: {'Content-Type': 'application/json'},
  body: {
    partner_order_id: 'FUSPAY-00400-001-091-008',
    amount_to_collect: '30',
    timestamp: 1693285902419,
    order_expiration: 1693285902419,
    intrapay_merchant_id: "",
    partner_id: ""
    currency: 'NGN',
    partner_callback_url: 'https://webhook.site/xxxxxxxx',
    partner_redirect_url: 'https://google.com',
    secret: '4LJDHGA-SJTECNA-XXXX-XXXXsk_partner_ph25sjy-qtfeoxy-rqbvzyq-z-xx'
  },
  json: true
};

request(options, function (error, response, body) {
  if (error) throw new Error(error);

  console.log(body);
});

Last updated