QWAAP Documentation
  • Introduction
    • Introduction
  • GETTING STARTED
    • Merchant On-boarding
      • Settings
      • Compliance
    • Authentication
    • Error Handling
  • UTILITY FUNCTIONS
    • Supported Countries/Regions
    • Sandbox Test Accounts
    • Currency Limits
  • RECEIVING MONEY
    • Initiate Invoice Payment
    • Invoice Payment Statuses
  • SENDING MONEY
    • Pre-requisites
    • Initiate Wallet Payout
    • Payout Transaction Statuses
  • WEBHOOKS AND REDIRECTS
    • Webhooks
      • HMAC Signature Verification
      • RSA Signature Verification
    • Merchant Redirect
  • KNOWLEDGE BASE
    • Settlements
    • Callbacks
    • Customer Support Platforms
Powered by GitBook
On this page
  • Signature Validation
  • Responding to webhooks
  • Rejecting webhook
  1. WEBHOOKS AND REDIRECTS

Webhooks

We notify your web applications whenever invoice payment statuses change through web-hooks. We expect you to set your web-hook URL under your merchant account Profile settings by now.

PreviousPayout Transaction StatusesNextHMAC Signature Verification

Last updated 1 year ago

Introduction

Webhook

Is also know as web callback or HTTP push API. It's a way for an app to provide other applications with real-time information or data.

The data can also be referred to as webhook or callback data.

The HTTP URL reserved to receive the data from another application(Qwaap Wallet) is called a webhook or callback URL

Therefore webhook and callback can be used inter-changeably

NOTES

  1. All collection and payout transaction callbacks will be sent to the URL set as the webhook url under your merchant account API settings.

  2. A POST request with json data will be sent to your webhook url

  3. We require that you provide a secure webhook url. Therefore only, https URLs can be set or notified.

  4. You will need to acknowledge receipt of the callback by responding with the HTTP status code 200. Otherwise, we might keep calling your webhook URL at an interval of 10 minutes for 3 days.

  5. To ensure that the callback data sent to your webhook URL comes from our servers, you need to set a callback hash under the Api Settings.

  6. We will include a header called, rsa_signature and the hmac-signature in the request sent to the callback URL as shown below. You can use either of the two.

Signature Validation

You can use any of the methods below.

Responding to webhooks

  • We will stop calling you back if your callback URL responds with “HTTP status codes” below;

Code

Description

200

- OK

400

- Bad Request

401

- Unauthorised

403

- Forbidden

422

- Unprocessable entity.

Rejecting webhook

  • In a scenario where the transaction cannot be processed or you cannot give value, respond with HTTP codes below;

Code

Description

400

- Bad Request. - e.g when there’s a missing parameter

422

- Unprocessable entity. - e.g when the request is fine but you cannot complete it because the amount does not match what you expected.

KEYNOTE

Always verify the, amount to make sure it matches what is meant to be paid before giving value to the customer.

{
    "id": 1741,
    "request_amount": 10000,
    "request_currency": "NGN",
    "transaction_fee": 2000,
    "total_credit": 8000,
    "invoice_number": "QINVQF9VEWHJVLYSAA2Z",
    "merchant_reference": "M10010400",
    "payment_status": "PAID",
    "transaction_type": "COLLECTION",
    "status_message": "Invoice payment successful"
}

HMAC Signature Verification

RSA Signature Verification