6. Webhook Payload Authentication

This page goes into details of the authentication options available for your web hook.

There are two options available for payload verification:

Option 1 – Secret Key Authentication

Your webhook data payload will be sent along with a JWT token containing {secret: your_secret_key} as its payload. This token will be placed in the request header called x-payload-auth.

Option 2 – IP Whitelisting

It is recommended that you implement an IP whitelist to ensure that JSON payloads to your registered web hook are received only from the following authorized IPs.

IP1: Provided on request

IP2: Provided on request

Transaction notification payloads will be re-tried if your web hook response status code is other than 200. Re-trial will take place twice per hour and then stop at end of day (EOD).

NOTE: The http method for your web hook should be POST as it will be receiving a JSON payload

Webhook JSON Payload Samples

Bank Transfer (EFT)

{
    "reference": "Smooth-Test-5cb7311e-efc2-e2dd-9e94-fvvb4a76932b",
    "session_id": "100089040525101154000562534883",
    "amount": 100,
    "fee": 1.17,
    "account_number": "4600577000",
    "originator_account_number": "",
    "originator_account_name": "Emeka Ajibade",
    "originator_bank": "",
    "timestamp": "2023-06-07T09:26:30.214Z",
    "email": "gomadachris@gmail.com",
    "transactionref": "vpayuserd9e34cff027a11877416861824430"
}

Card

{
    "reference": "Smooth-Test-5cb7311e-1b93-665f-9e94-5d704a76932b",
    "session_id": "Card-VPay-168612998852",
    "amount": 90,
    "fee": 1.17,
    "originator_account_name": "Card Payment By ****7030 (gomadachris@gmail.com)",
    "timestamp": "2023-06-07T09:26:30.214Z",
    "email": "gomadachris@gmail.com",
    "transactionref": "vpayuser64804cff027a1187741686129919",
    "transaction_status": "success" | "failed"
}

NOTE: The transaction_status property is either success or failed for Card payloads.

Last updated