This guide explains how to configure, test, and secure webhooks for seamless integration with the OpenXSwitch API.
Webhooks in OpenXSwitch provide real-time notifications for key system events such as transfers, swap, withdrawals, and deposits across all wallet products. For example, you can receive instant updates when a withdrawal is initiated, an order is executed, or a deposit is confirmed.
To ensure your webhook integration is working correctly, you can use the OpenXSwitch Simulation API to trigger test events. This allows you to simulate real scenarios such as transaction updates or deposit confirmations and verify that your endpoint processes them correctly.
To ensure webhook requests are authentic, OpenXSwitch includes an X-Webhook-Signature header with each request. This signature is generated using SHA256 and your webhook secret.
You should verify this signature before processing any incoming event.
Here’s an example of how to verify the webhook signature in Node, Python and PHP:
const crypto = require('crypto');// Your webhook secretconst secret = 'your_webhook_secret';// The raw body of the webhook event (as a string)const body = '{"requestId": "","method": "deposit.accepted","params": {.....}}';// The signature from the X-Webhook-Signature headerconst signature = req.headers['x-webhook-signature'];// Create the HMACconst hmac = crypto.createHmac('sha256', secret);hmac.update(body);const digest = hmac.digest('hex');// Compare the generated HMAC digest with the signatureif (digest === signature) { console.log('Webhook signature is valid.');} else { console.log('Invalid webhook signature.');}
To ensure reliable event delivery, OpenXSwitch automatically retries failed webhook notifications when your endpoint does not acknowledge an event successfully.