Order Webhooks

Payment callback (Payment notification) will be sent to merchant's webhookUrl when order status is changed.

For Security Purpose, Ezeebit Pay will add signature for webhook notification. Partner need to verify the signature using the public key issued from Ezeebit Pay . Public key can be queried from Query Certificate API

Ezeebit Pay callback sends data below:

Name

Value

payId

Custom order ID of the merchant.

paymentLink

Payment Link

currency

The currency code which defines the currency in which the merchant's goods/services are priced; for example, USDT, ETH, BTC

amount

The amount of cryptocurrency (defined by pay_currency) paid by the shopper.

status

Payment Status

tradeOrderNo

Trade Order No.

receiptAddress

The receiving address of the transaction

transactionId

Transaction ID

gateway

The payment type of the transaction, includes Ethereum, BSC, Bitcoin, BTC, Lightning, Tron, Solana , Luno Pay, VALR Pay and Binance Pay

fromAddress

The from address of the transaction

payAmount

The amount which will be credited to the merchant when the order is paid

paySymbol

The cryptocurrency in which the payment was made; for example, BTC, USDT, ETH.

createTime

Order creation time.

transactionTime

The time when the transaction occurred

txHash

The hash of the transaction

matchType

Return type: AmountNotMatch, AmountMatch

created_at

Order creation time.

externalUserId

Registered user's ID

Request Headers

Attributes

Type

Required

Value

Ezeebit-Timestamp

long

UnixTimestamp in milliseconds

Ezeebit-Nonce

string

must be 32 digits

Ezeebit-Certificate-SN

string

API key issued by Ezeebit Pay system

Ezeebit-Signature

string

this should use SHA512, and be in upper case

Verify the Signature

Build the payload

Java

String payload = timestamp + "\n" + nonce + "\n" + body + "\n";

Java

byte[] decodedSignature = Base64.getDecoder().decode(signature);

Verify the content with public key

Note:

Hash algorithm should use SHA256

Sample Java code is here, together with org.bouncycastle toolkit.

// input: pubKeyStr, decodedSignature, payload
PEMParser pubParser = new PEMParser(new StringReader(pubKeyStr))
SubjectPublicKeyInfo pubKeyObj = (SubjectPublicKeyInfo) pubParser.readObject();
AsymmetricKeyParameter pubKey = PublicKeyFactory.createKey(pubKeyObj);

byte[] payloadBytes = payload.getBytes(StandardCharsets.UTF_8);
RSADigestSigner verifier = new RSADigestSigner(new SHA256Digest());
verifier.init(false, pubKey);
verifier.update(payloadBytes, 0, payloadBytes.length);

return verifier.verifySignature(decodedSignature);

PreviousOrder Status NextQuery Certificate

Last updated 1 day ago

hashtagEzeebit Pay callback sends data below:

hashtagRequest Headers

hashtag

hashtagVerify the Signature

hashtagVerify the content with public key

Ezeebit Pay callback sends data below:

Request Headers

Verify the Signature

Verify the content with public key