Webhooks - niko-technologies/cards-open-api-docs GitHub Wiki

General overview

To reseive webhooks you should provide your webhook url to integration manager.

All webhooks will be sended by POST method to provided url.

Wehook structure

The webhook structure is:

{
  eventType: EventType;
  data: {
  } // Depends on EventType
}

Available event types:

EventType	Description
TRANSACTION	Comes after transactions
ACCOUNT_CREATED	Comes after account created and it is available for card order
USER_KYC_UPDATED	Comes after user kyc status changed (for personal cards)

transaction.dto

{
  "id": "string",
  "amount": "number",
  "fee": "number",
  "currencyCode": "string",
  "status": "string",
  "type": "string",
  "details": "string",
  "createdAt": "string"
}

account_created.dto

{
  "id": "string"
}

user_kyc_updated.dto

{
  "id": "string",
  "kycStatus": "pending" | "completed" | "failed"
}

Security

All sended webhooks will be verified by signature.

Signature added to the X-Signature header and is generated depends on data of the webhook and your secret key.

Example of signature verification in Node.js:

const { createHmac } = require('crypto');

...
const signature = req.headers['x-signature'];
const secretKey = 'YOUR_SECRET_KEY';

const validSignature = createHmac('sha256', secretKey)
  .update(JSON.stringify(request.body), 'utf8')
  .digest('base64');

const isSignatureValid = signature === validSignature;
...