endpoints
Webhook

Webhook (IPN Notification)

You can find how to handle webhooks here.


What is this webhook for?

When you want to create a Pallapay API you need to provide a Webhook URL.

The reason is when you create a payment request for a user we will notify you about the payment status by sending payment information to your Webhook URL.

Information you will receive in your webhook URL

{
    "data": {
        "payment_request_id": "fd423e12ff9d4a33a14fcba6a4df54e2",
        "payment_amount":  "10.00000000000000",
        "payment_currency": "AED",
        "receiving_amount": "10.00000000000000",
        "paid_cryptocurrency": "TRX",
        "fee_amount":  "2.40000000000000",
        "fee_paid_by": "BUYER",
        "payer_email_address":  "[email protected]",
        "payer_first_name": "John",
        "payer_last_name":  "Doe",
        "ref_id": "49f70172ef8e48189bb3",
        "merchant_id":  "d6b5g6cw0gc3ui6ad3wf",
        "merchant_name": "My Merchant Name",
        "status":  "UNPAID",
        "paid_at": null,
        "note":  "My Note"
    },
    "approval_hash": "49f70172ef49f70172ef8e48189bb38e48189bb349f70172ef8e48189bb349f70172ef8e48189bb349f70172ef8e48189bb3"
}

Response Body:

NameExample ValueDescription
payment_request_idStringUnique ID of created payment
payment_amountStringPayment amount in selected currency
payment_currencyStringSelected fiat currency to pay
receiving_amountString (Nullable)The amount that you will receive in your Pallapay balance (After fees, if applicable)
paid_cryptocurrencyString (Nullable)The cryptocurrency your user selected to pay with
fee_amountString (Nullable)Payment fee in selected fiat currency
fee_paid_byString (Nullable)Who paid the fees on this payment (You can choose who pay for fees in dashboard -> merchants)
payer_email_addressStringPayer email address
payer_first_nameString (Nullable)Payer first name
payer_last_nameString (Nullable)Payer last name
ref_idString (Nullable)User payment reference ID
merchant_idStringYour merchant ID
merchant_nameStringYour merchant name
statusString ("PAID", "UNPAID" or "PENDING")Payment status
paid_atString (Nullable)Payment was done at (date/time)
noteString (Nullable)Custom note that you pass in creation time
approval_hashStringA hash to validate the request and make sure it is legit (You can see how to validated the request in next section)

Validate the webhook call

$secretKey = "YOUR_SECRET_KEY";
$inputJson = file_get_contents('php://input');
$input = json_decode($inputJson, TRUE);
 
$data = $input["data"];
ksort($data);
 
$approvalString = implode('', $data);
$approvalHash = hash_hmac('sha256', $approvalString, $secretKey);
 
if ($input["approval_hash"] == $approvalHash) {
    echo "Payment Request ID: " . $data["payment_request_id"] . "\n";
    echo "Payment Amount: {$data["payment_amount"]} {$data["payment_currency"]}\n";
    echo "Status: " . $data["status"] . "\n";
} else {
    echo "Invalid Request";
}

Note: In Pallapay SDKs you can find a method to validate the webhook request easier.