Rocketfuel Blockchain
  • Welcome to Rocketfuel
  • Core Concepts
    • Overview
    • Partners
    • Merchants
    • Shoppers
    • Exchanges
    • QR Payments
    • Bank Payments
    • Invoices
    • Settlements
  • Plug-ins and SDKs
    • Bigcommerce
    • Magento
    • PrestaShop
    • WooCommerce
    • Webflow
    • Web SDK
  • Developer Guides
    • Overview
    • Quick Start
    • API Reference
      • PayIns
        • Overview
        • Encryption Algorithm
          • Public Key Based
          • Secret Key Based
        • Authentication
          • Authenticate a merchant
          • Authentication Without Email / Password
        • RocketFuel UI Integration
          • Generate Invoice Link
          • Payment Processing
            • RKFL Payment Page
            • RKFL Payment Widget
          • Transaction Lookup
            • Lookup using Auth
            • Lookup using Public Key
          • Webhooks
          • Handling Partial Payments
        • Custom UI Integration
          • Cryptocurrencies listing
          • Generate QR Code
          • QR Payment Status
          • Transactions Lookup
          • Webhooks
          • Handle Partial Payment
        • Utility APIs
          • Subscriptions/Recurring Payments
          • Store info
          • Shopper
            • Shopper manual signup
            • Verify shopper's email id
            • Shopper manual login
            • Shopper info
            • Shopper wallet balance
          • Exchange Payment
            • Exchanges listing
            • Pre-payment validation check
            • Payable amount
            • Trigger Exchange payment
          • Transaction listing
          • Order info
      • Payout
        • Overview
        • Add Payee
        • API Guide
        • Webhooks
    • Swagger API
  • Integrations
    • RocketFuel Integration
      • Objective
      • Target Audience
      • Product Feature overview
      • "How To" Guide
        • Sign up as a Merchant
        • KYC Verification
        • Using the RocketFuel API for Custom Integration
        • Using the RocketFuel Pre-built Solutions for Custom Integration
        • How to Use Testnet for Transactions
      • FAQ and Tips
  • Web UI
  • User Guide and Help Videos
    • White Label Requirements
    • ACI Merchant Onboarding Document (Certification)
    • Merchant User Guide
      • Sign-up Process
      • Sign-in Process
      • Merchant Dashboard
      • Transactions
      • Shoppers
      • Reports
      • Invoices
      • Users
      • Funds
      • Bank/ACH Payments
      • Instore
      • Settlements
      • Subscriptions
      • Release Notes
      • Verification
      • Help/FAQ
      • Plugins
        • How to Setup RocketFuel on Different plugins
        • How to Use Rocketfuel With Different SDKs
      • Settings
    • Shopper User Guide
      • Dashboard
      • Purchases
      • Profile
      • Exchange
      • Bank/ACH Payments
      • Help/FAQ
      • Settings
      • Subscriptions
    • Partner User Guide
      • Dashboard
        • How to Invite Merchants
        • How to Generate Auth Header for Merchants
      • Transactions
      • Refunds
      • Shoppers
      • Merchants
      • Reports
      • Subscriptions
      • Payment Settings
      • Settings
      • Release Notes
    • Super Partner Guide
      • Overview
      • How to Invite Partners
  • Release Notes
    • Change Log
Powered by GitBook
On this page
  • Rocketfuel Webhook and Events
  • Securing Callbacks
  • Test data

Was this helpful?

  1. Developer Guides
  2. API Reference
  3. PayIns
  4. RocketFuel UI Integration

Webhooks

PreviousLookup using Public KeyNextHandling Partial Payments

Last updated 6 months ago

Was this helpful?

To register Webhook URL, use Shop callback URL.

Callback URL should respond with status 200 for GET request

Rocketfuel Webhook and Events

RocketFuel webhook calls are triggered to update the merchant on the updated status of the transaction.

Rocketfuel webhooks support the following events:-

  • Transaction is marked as pending/initiated

  • Transaction is marked as partial paid

  • Transaction is marked as successful

  • Transaction is marked as failed

Securing Callbacks

Order callbacks originating from RocketFuel will be signed using our callback signing RSA private key.

If you would like to verify callbacks manually in the language of your choice, the message digest used is SHA256, the message that is signed is the POST body, the padding scheme is PKCS1_v1_5, and the signature to be verified is present in the ‘signature’ HTTP data encoded as base64.

Examples

public function verifyCallback($body, $signature)
{
    $signature_buffer = base64_decode( $signature );
    return (1 == openssl_verify($body, $signature_buffer, self::getCallbackPublicKey(), OPENSSL_ALGO_SHA256));
}
function verifySignature(body, public_key_rsa, signature) {
  const verifier = crypto.createVerify('RSA-SHA256');
  verifier.update(body);
  return verifier.verify(public_key_rsa, signature, 'base64');
}
using System;
using System.IO;
using System.Text;
using System.Security.Cryptography;
using System.Linq;

public class EncryptionUtility
{
    public static bool VerifySignature(string body, string signature)
    {
        try
        {
            // Decode the base64 signature
            byte[] signatureBuffer = Convert.FromBase64String(signature);
            byte[] bodyBuffer = Encoding.UTF8.GetBytes(body);

            using (RSA rsa = RSA.Create())
            {
                // Import the public key
                rsa.ImportFromPem("public_key_rsa");

                // Verify the signature using SHA256
                return rsa.VerifyData(
                    bodyBuffer,
                    signatureBuffer,
                    HashAlgorithmName.SHA256,
                    RSASignaturePadding.Pkcs1
                );
            }
        }
        catch (Exception ex)
        {
            // Handle or log the exception as needed
            Console.WriteLine($"Verification error: {ex.Message}");
            return false;
        }
    }
}

Test data

RKFL provides support to custom parameters (optional) in the response based on the type of response Method passed in the invoicing API. Following is an example for GET & POST Custom parameter payload

1. GET Query Parameters in webhook URL :- <callback URL>?custom1=crypto&custom2=RKFL&custom3=credit

Body Payload

{
  type: 'rf:alert',
  data: {
    data: '{"amount":"11","conversionRate":{"fiatCurrency":"USD","rate":1},"cryptoAmount":"11","cryptoCurrency":"USD","currency":"USD","offerId":"3910","paymentStatus":"0","receivedAmount":"0","referenceId":"d30290d4-7c91-44ef-930a-9baa81733702","status":true,"transactionId":"874eba00-674c-4a39-afd2-3e3a5f8d521f"}',
    conversionRate: { fiatCurrency: 'USD', rate: 1 },
    amount: '11',
    currency: 'USD',
    referenceId: 'd30290d4-7c91-44ef-930a-9baa81733702',
    offerId: '3910',
    transactionId: '874eba00-674c-4a39-afd2-3e3a5f8d521f',
    status: true,
    paymentStatus: '0',
    cryptoAmount: '11',
    cryptoCurrency: 'USD',
    receivedAmount: '0',
    isSubscription: false,
    subscription: {}
  },
  signature: 'n/3otT5xpyG2AoUKnIhOhIFcpHhnqyUE8h044IO04zp1EevcH62CRyPmXqv2z6AJSv2pplEy8IlBWeVFCwkEF6KIJeANeagJNSUevAqgd437W+BjpFmR9M3vj353m26h4hSnAeEYWl375iQfl7sQ0tnmDyFXOKyz42ssvsYcL0bKywsYOlKwyusoNGVjC1yCkTTVBFIMUQXgFHceRkbhEFUMQA7inw2Ux2s+Ncj+u0IVGXsFcRk/CdkcQX0r1/Q6i6rmpujovDyKyn/JGkJOKH3B62tSFy0hilH36t7vY2Q8o7Re/9cFXQNayGszY89Ijn8qNAgr4P7hn7q/goMrfQ=='
}

2. POST

Webhook URL :- <Callback URL>

Custom parameters will be received under key customParameter

Body Payload

  {
  type: 'rf:alert',
  data: {    data: '{"amount":"11","conversionRate":{"fiatCurrency":"USD","rate":1},"cryptoAmount":"11","cryptoCurrency":"USD","currency":"USD","offerId":"3917","paymentStatus":"0","receivedAmount":"0","referenceId":"7459f87b-c5f0-4752-a1ed-96f73cbeae94","status":true,"transactionId":"13c40f35-fef4-4107-9abe-e15834a09def"}',
    conversionRate: { fiatCurrency: 'USD', rate: 1 },
    amount: '11',
    currency: 'USD',
    referenceId: '7459f87b-c5f0-4752-a1ed-96f73cbeae94',
    offerId: '3917',
    transactionId: '13c40f35-fef4-4107-9abe-e15834a09def',
    status: true,
    paymentStatus: '0',
    cryptoAmount: '11',
    cryptoCurrency: 'USD',
    receivedAmount: '0',
    isSubscription: false,
    subscription: {}
  }, 
  signature: 'FBPIcIKGFQQFRzDWffca96F9Hb8iK+K4zSYxK1csGyJCAAjN1z59vki9Hgx9+tFo2a/qAPavGm8w+5VgSLIGR5UYadaAD2cy2RR4RRhShH4RtkjPiRd8iurR977FEnLjDjKLkL3lFs17Lli6nWzSsom1pj/nWlnNgaN3EdiB16ZMtVVeqXhULYk/N/yKGonsWiRxwQS5rhaD+wFXAiDwT49uK4vDkgbC4UCvz7Sz7/gsuzfj3ULqkoPPg9tWLezlovl99iFZ/WpRKV4iv3eDadNhLcFarRNGDcIbH98S0ueZCBiM1aSmQaOF/YiUAVq6qjlfCd85KIDc7FKYKQSWwg==',
  customParameter: {
    custom1: 'crypto',
    custom2: 'RKFL',
    custom3: 'credit'
  }
}

NOTE: There can be multiple custom parameters.

Where

  1. amount :- Amount (Float)

  2. currency :- Currency of transaction

  3. offerId :- Merchant database Order/offer id

  4. referenceId :- RKFL database reference transaction id

  5. status:-

    • true:- successful

    • false:- pending/failed/partial

  6. paymentStatus

    • 0 - pending

    • 1/2/3/4 - successful

    • -1 - failed

    • 101 - partial

    • 19 - timedout

  7. cryptoAmount :- Crypto value of transaction

  8. cryptoCurrency :- Crypto currency used

  9. receivedAmount :- Received crypto amount

  10. conversionRate :- Rate of conversion from fiat to crypto during transaction

    • fiatCurrency - Base currency for conversion

    • rate - conversion rate (multiplier)

  11. isSubscription: true if the cart contains subscription item else false

  12. subscription: subscription id of the cart item (string)

  13. customParameter: Custom parameters are the passthrough variables passed from merchant at the time of invoice link/uuid generation. It consist of array of object (name, value). All "name" variables serve as the key for customParameter while "value" serves as the value of keys. This is helpful if merchant wishes to get back some custom parameters to identify or apply any business logic.

Authenticity/Verification of request from RKFL

You can test the authenticity of the request emerging from Rocketfuel by using following public key to generate signature. Once the signature is generated, you can tally the signature sent by Rocketfuel.

Signature:

f09HYBeZFqMkeo/ri5kZI0DGnCiSnYSl2KSZLaB3tIL722a1IsnCSsWsfdZRAiv/7e/MdqguXTBmEUdBzKnzR2ATBJF5VRtLeD7LhnNxpSs1+sAAgIwI2JS6nkRj8DTKZbZUzweGSdgARZfxxoVqQaaW4DPb8kXhGPVo/tOG8Rw62Vbyg279ysgWCtNuYltKg05DFxfWy287LtBnvs3kaw0xoTuR5rCnEncFFLRozSCPRSRU0Ebb3kfWNK6surso9OrqVkdbzXLCpLuLkkakxNvNpahzvB3DuT2zZn0NFxP8YGJquAVcWLh2aj0syRPDArHY5An5CtQ6nuiiJB6jTw==

Public RSA key

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2e4stIYooUrKHVQmwztC
/l0YktX6uz4bE1iDtA2qu4OaXx+IKkwBWa0hO2mzv6dAoawyzxa2jmN01vrpMkMj
rB+Dxmoq7tRvRTx1hXzZWaKuv37BAYosOIKjom8S8axM1j6zPkX1zpMLE8ys3dUX
FN5Dl/kBfeCTwGRV4PZjP4a+QwgFRzZVVfnpcRI/O6zhfkdlRah8MrAPWYSoGBpG
CPiAjUeHO/4JA5zZ6IdfZuy/DKxbcOlt9H+z14iJwB7eVUByoeCE+Bkw+QE4msKs
aIn4xl9GBoyfDZKajTzL50W/oeoE1UcuvVfaULZ9DWnHOy6idCFH1WbYDxYYIWLi
AQIDAQAB
-----END PUBLIC KEY-----