# Webhooks To register Webhook URL, use Shop callback URL. Callback URL should respond with status 200 for GET request ![](https://1226631082-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fxp9w5RKLdYBhhpcmcvEp%2Fuploads%2FXsrGnlgo3vuAob61c6lf%2Fimage.png?alt=media\&token=dd097dbc-8211-459d-b5dc-edd781417c07) ## Rocketfuel Webhook and Events RocketFuel webhook calls are triggered to update the merchant on the updated status of the transaction. Rocketfuel webhooks support the following events:- * Transaction is marked as pending/initiated * Transaction is marked as partial paid * Transaction is marked as successful * Transaction is marked as failed ## Securing Callbacks Order callbacks originating from RocketFuel will be signed using our callback signing RSA private key. If you would like to verify callbacks manually in the language of your choice, the message digest used is SHA256, the message that is signed is the POST body, the padding scheme is PKCS1\_v1\_5, and the signature to be verified is present in the ‘signature’ HTTP data encoded as base64. **Examples** {% tabs %} {% tab title="PHP" %} ```php public function verifyCallback($body, $signature) { $signature_buffer = base64_decode( $signature ); return (1 == openssl_verify($body, $signature_buffer, self::getCallbackPublicKey(), OPENSSL_ALGO_SHA256)); } ``` {% endtab %} {% tab title="Node.js" %} ``` function verifySignature(body, public_key_rsa, signature) { const verifier = crypto.createVerify('RSA-SHA256'); verifier.update(body); return verifier.verify(public_key_rsa, signature, 'base64'); } ``` {% endtab %} {% tab title="C#" %} ```csharp using System; using System.IO; using System.Text; using System.Security.Cryptography; using System.Linq; public class EncryptionUtility { public static bool VerifySignature(string body, string signature) { try { // Decode the base64 signature byte[] signatureBuffer = Convert.FromBase64String(signature); byte[] bodyBuffer = Encoding.UTF8.GetBytes(body); using (RSA rsa = RSA.Create()) { // Import the public key rsa.ImportFromPem("public_key_rsa"); // Verify the signature using SHA256 return rsa.VerifyData( bodyBuffer, signatureBuffer, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1 ); } } catch (Exception ex) { // Handle or log the exception as needed Console.WriteLine($"Verification error: {ex.Message}"); return false; } } } ``` {% endtab %} {% endtabs %} ### Test data RKFL provides support to custom parameters (optional) in the response based on the type of response Method passed in the invoicing API. Following is an example for GET & POST Custom parameter payload 1\. GET\ Query Parameters in webhook URL :- \?custom1=crypto\&custom2=RKFL\&custom3=credit **Body Payload** ``` { type: 'rf:alert', data: { data: '{"amount":"11","conversionRate":{"fiatCurrency":"USD","rate":1},"cryptoAmount":"11","cryptoCurrency":"USD","currency":"USD","offerId":"3910","paymentStatus":"0","receivedAmount":"0","referenceId":"d30290d4-7c91-44ef-930a-9baa81733702","status":true,"transactionId":"874eba00-674c-4a39-afd2-3e3a5f8d521f"}', conversionRate: { fiatCurrency: 'USD', rate: 1 }, amount: '11', currency: 'USD', referenceId: 'd30290d4-7c91-44ef-930a-9baa81733702', offerId: '3910', transactionId: '874eba00-674c-4a39-afd2-3e3a5f8d521f', status: true, paymentStatus: '0', cryptoAmount: '11', cryptoCurrency: 'USD', receivedAmount: '0', isSubscription: false, subscription: {} }, signature: 'n/3otT5xpyG2AoUKnIhOhIFcpHhnqyUE8h044IO04zp1EevcH62CRyPmXqv2z6AJSv2pplEy8IlBWeVFCwkEF6KIJeANeagJNSUevAqgd437W+BjpFmR9M3vj353m26h4hSnAeEYWl375iQfl7sQ0tnmDyFXOKyz42ssvsYcL0bKywsYOlKwyusoNGVjC1yCkTTVBFIMUQXgFHceRkbhEFUMQA7inw2Ux2s+Ncj+u0IVGXsFcRk/CdkcQX0r1/Q6i6rmpujovDyKyn/JGkJOKH3B62tSFy0hilH36t7vY2Q8o7Re/9cFXQNayGszY89Ijn8qNAgr4P7hn7q/goMrfQ==' } ``` 2\. POST Webhook URL :- \ Custom parameters will be received under key customParameter **Body Payload** ``` { type: 'rf:alert', data: { data: '{"amount":"11","conversionRate":{"fiatCurrency":"USD","rate":1},"cryptoAmount":"11","cryptoCurrency":"USD","currency":"USD","offerId":"3917","paymentStatus":"0","receivedAmount":"0","referenceId":"7459f87b-c5f0-4752-a1ed-96f73cbeae94","status":true,"transactionId":"13c40f35-fef4-4107-9abe-e15834a09def"}', conversionRate: { fiatCurrency: 'USD', rate: 1 }, amount: '11', currency: 'USD', referenceId: '7459f87b-c5f0-4752-a1ed-96f73cbeae94', offerId: '3917', transactionId: '13c40f35-fef4-4107-9abe-e15834a09def', status: true, paymentStatus: '0', cryptoAmount: '11', cryptoCurrency: 'USD', receivedAmount: '0', isSubscription: false, subscription: {} }, signature: 'FBPIcIKGFQQFRzDWffca96F9Hb8iK+K4zSYxK1csGyJCAAjN1z59vki9Hgx9+tFo2a/qAPavGm8w+5VgSLIGR5UYadaAD2cy2RR4RRhShH4RtkjPiRd8iurR977FEnLjDjKLkL3lFs17Lli6nWzSsom1pj/nWlnNgaN3EdiB16ZMtVVeqXhULYk/N/yKGonsWiRxwQS5rhaD+wFXAiDwT49uK4vDkgbC4UCvz7Sz7/gsuzfj3ULqkoPPg9tWLezlovl99iFZ/WpRKV4iv3eDadNhLcFarRNGDcIbH98S0ueZCBiM1aSmQaOF/YiUAVq6qjlfCd85KIDc7FKYKQSWwg==', customParameter: { custom1: 'crypto', custom2: 'RKFL', custom3: 'credit' } } ``` **NOTE: There can be multiple custom parameters.** **Where** 1. amount :- Amount (Float) 2. currency :- Currency of transaction 3. offerId :- Merchant database Order/offer id 4. referenceId :- RKFL database reference transaction id 5. status:- * true:- successful * false:- pending/failed/partial 6. paymentStatus (For more information on transaction statuses, [click here](https://docs.rocketfuel.inc/developer-guides/api-reference/payins/rocketfuel-ui-integration/transaction-statuses) to access the full guide.) * 0 - pending * 1/2/3/4 - successful * -1 - failed * 101 - partial * 19 - timedout 7. cryptoAmount :- Crypto value of transaction 8. cryptoCurrency :- Crypto currency used 9. receivedAmount :- Received crypto amount 10. conversionRate :- Rate of conversion from fiat to crypto during transaction * fiatCurrency - Base currency for conversion * rate - conversion rate (multiplier) 11. isSubscription: true if the cart contains subscription item else false 12. subscription: subscription id of the cart item (string) 13. customParameter: Custom parameters are the passthrough variables passed from merchant at the time of invoice link/uuid generation. It consist of array of object (name, value). All "name" variables serve as the key for customParameter while "value" serves as the value of keys. This is helpful if merchant wishes to get back some custom parameters to identify or apply any business logic. **Authenticity/Verification of request from RKFL** You can test the authenticity of the request emerging from Rocketfuel by using following public key to generate signature. Once the signature is generated, you can tally the signature sent by Rocketfuel. #### Signature: ```json f09HYBeZFqMkeo/ri5kZI0DGnCiSnYSl2KSZLaB3tIL722a1IsnCSsWsfdZRAiv/7e/MdqguXTBmEUdBzKnzR2ATBJF5VRtLeD7LhnNxpSs1+sAAgIwI2JS6nkRj8DTKZbZUzweGSdgARZfxxoVqQaaW4DPb8kXhGPVo/tOG8Rw62Vbyg279ysgWCtNuYltKg05DFxfWy287LtBnvs3kaw0xoTuR5rCnEncFFLRozSCPRSRU0Ebb3kfWNK6surso9OrqVkdbzXLCpLuLkkakxNvNpahzvB3DuT2zZn0NFxP8YGJquAVcWLh2aj0syRPDArHY5An5CtQ6nuiiJB6jTw== ``` #### Public RSA key ``` -----BEGIN PUBLIC KEY----- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2e4stIYooUrKHVQmwztC /l0YktX6uz4bE1iDtA2qu4OaXx+IKkwBWa0hO2mzv6dAoawyzxa2jmN01vrpMkMj rB+Dxmoq7tRvRTx1hXzZWaKuv37BAYosOIKjom8S8axM1j6zPkX1zpMLE8ys3dUX FN5Dl/kBfeCTwGRV4PZjP4a+QwgFRzZVVfnpcRI/O6zhfkdlRah8MrAPWYSoGBpG CPiAjUeHO/4JA5zZ6IdfZuy/DKxbcOlt9H+z14iJwB7eVUByoeCE+Bkw+QE4msKs aIn4xl9GBoyfDZKajTzL50W/oeoE1UcuvVfaULZ9DWnHOy6idCFH1WbYDxYYIWLi AQIDAQAB -----END PUBLIC KEY----- ```