Callback URL should respond with status 200 for GET request
Rocketfuel Webhook and Events
RocketFuel webhook calls are triggered to update the merchant on the updated status of the transaction.
Rocketfuel webhooks support the following events:-
Transaction is marked as pending/initiated
Transaction is marked as partial paid
Transaction is marked as successful
Transaction is marked as failed
Securing Callbacks
Order callbacks originating from RocketFuel will be signed using our callback signing RSA private key.
If you would like to verify callbacks manually in the language of your choice, the message digest used is SHA256, the message that is signed is the POST body, the padding scheme is PKCS1_v1_5, and the signature to be verified is present in the ‘signature’ HTTP data encoded as base64.
Examples
public function verifyCallback($body, $signature)
{
$signature_buffer = base64_decode( $signature );
return (1 == openssl_verify($body, $signature_buffer, self::getCallbackPublicKey(), OPENSSL_ALGO_SHA256));
}
using System;
using System.IO;
using System.Text;
using System.Security.Cryptography;
using System.Linq;
public class EncryptionUtility
{
public static bool VerifySignature(string body, string signature)
{
try
{
// Decode the base64 signature
byte[] signatureBuffer = Convert.FromBase64String(signature);
byte[] bodyBuffer = Encoding.UTF8.GetBytes(body);
using (RSA rsa = RSA.Create())
{
// Import the public key
rsa.ImportFromPem("public_key_rsa");
// Verify the signature using SHA256
return rsa.VerifyData(
bodyBuffer,
signatureBuffer,
HashAlgorithmName.SHA256,
RSASignaturePadding.Pkcs1
);
}
}
catch (Exception ex)
{
// Handle or log the exception as needed
Console.WriteLine($"Verification error: {ex.Message}");
return false;
}
}
}
Test data
RKFL provides support to custom parameters (optional) in the response based on the type of response Method passed in the invoicing API. Following is an example for GET & POST Custom parameter payload
1. GET
Query Parameters in webhook URL :- <callback URL>?custom1=crypto&custom2=RKFL&custom3=credit
referenceId :- RKFL database reference transaction id
status:-
true:- successful
false:- pending/failed/partial
paymentStatus
0 - pending
1/2/3/4 - successful
-1 - failed
101 - partial
19 - timedout
cryptoAmount :- Crypto value of transaction
cryptoCurrency :- Crypto currency used
receivedAmount :- Received crypto amount
conversionRate :- Rate of conversion from fiat to crypto during transaction
fiatCurrency - Base currency for conversion
rate - conversion rate (multiplier)
isSubscription: true if the cart contains subscription item else false
subscription: subscription id of the cart item (string)
customParameter: Custom parameters are the passthrough variables passed from merchant at the time of invoice link/uuid generation. It consist of array of object (name, value). All "name" variables serve as the key for customParameter while "value" serves as the value of keys. This is helpful if merchant wishes to get back some custom parameters to identify or apply any business logic.
Authenticity/Verification of request from RKFL
You can test the authenticity of the request emerging from Rocketfuel by using following public key to generate signature. Once the signature is generated, you can tally the signature sent by Rocketfuel.
