Learn how to implement and secure webhooks for real-time payment notifications.
Set up your webhook endpoint URL in the dashboard.
Implement the webhook endpoint in your application.
const express = require('express');
const crypto = require('crypto');
const app = express();
app.use('/webhook', express.raw({type: 'application/json'}));
app.post('/webhook', (req, res) => {
const signature = req.headers['x-gopaynow-signature'];
const payload = req.body;
// Verify webhook signature
if (!verifySignature(payload, signature)) {
return res.status(400).send('Invalid signature');
}
const event = JSON.parse(payload);
handleWebhookEvent(event);
res.status(200).send('OK');
});Implement signature verification for security.
function verifySignature(payload, signature) {
const expectedSignature = crypto
.createHmac('sha256', process.env.WEBHOOK_SECRET)
.update(payload, 'utf8')
.digest('hex');
const providedSignature = signature.replace('sha256=', '');
return crypto.timingSafeEqual(
Buffer.from(expectedSignature, 'hex'),
Buffer.from(providedSignature, 'hex')
);
}Process different webhook event types.
function handleWebhookEvent(event) {
switch (event.type) {
case 'payment.completed':
handlePaymentCompleted(event.data);
break;
case 'payment.failed':
handlePaymentFailed(event.data);
break;
case 'transfer.completed':
handleTransferCompleted(event.data);
break;
default:
console.log('Unhandled event type:', event.type);
}
}Always verify webhook signatures to prevent malicious requests
Process webhooks quickly and return 200 status immediately
Handle duplicate webhook deliveries gracefully
Log all webhook events for debugging and monitoring