Webhook

A webhook in web development is a method of augmenting or altering the behavior of a web page or web application with custom callbacks. These callbacks may be maintained, modified, and managed by third-party users and developers who may not necessarily be affiliated with the originating website or application.

Swipe webhook will be triggered by subscribed webhook event (you can subscribe it here). Swipe also will include a hash value as a security measure. Client need to verify the hash value with their own generated hash value, Please refer to How To Generate Signature section. Swipe also have build a fallback mechanism which will resend a webhook if swipe are receive an error response from client side. The maximum number of attempt will be 3.

Http Request

POST {event_url}

Sample Post Parameter

Parameter Description
trigger_at Trigger time from Swipe
event Event Name
data Payload (might be differ by event)

Sample payment.created Payload Parameter

Parameter Description
attempt_id ID that represent user transaction attempt
charge_amount Charged amount for the successful payment
payment_id ID that represent user payment
payment_time Date time when the paymend was made, in format d-m-Y h:i:s a TimeZone. Example, 02-12-2021 12:08:50 pm
payment_amount Payer's paid amount in positive integer
payment_status Payment current status
payment_link_id ID that represent user payment link
payment_link_reference Payment link reference (for client reference)
payment_link_reference_2 Payment link reference 2 (for client reference)
payment_message Message that related with user current transaction status
payment_reference_model Product model link to payment link
payment_reference_id Product id link to payment link
payment_reference_model Product model link to payment link
payment_reference_id Product id link to payment link
payment_currency Payment currency
payment_method Payment method use by payer
payment_provider Payment provider use by business

How To Generate Signature

  1. The signature is generated by using HMAC hashing algorithm with SHA256 or md5 on a string consisting of (according to sequence), for this example we are using payment.created event:

    • attempt_id
    • charge_amount
    • payment_id
    • payment_time
    • payment_amount
    • payment_link_id
    • payment_link_reference
    • payment_link_reference_2
    • payment_reference_model
    • payment_reference_id
    • payment_message
    • payment_currency
    • payment_method
    • payment_provider
  1. For example if the values for payload parameters are as below:
{
  "trigger_at": "13-01-2022 05:08:09 pm",
  "event": "payment.created",
  "data": {
    "payment_link_id": "61de5d3c93b93a2e730ccc13",
    "attempt_id": "95560a0f-5296-4b1b-b67b-0ad45419ef75",
    "payment_id": "163841813025242143",
    "payment_status": 1,
    "payment_message": "Payment was successful",
    "payment_time": "02-12-2021 12:08:50 pm",
    "payment_amount": 10,
    "charge_amount": 1.5,
    "payment_currency": "MYR",
    "payment_link_reference": null,
    "payment_link_reference_2": null,
    "payment_method": "Credit Card",
    "payment_provider": "Swipe Go",
    "hash": "e68923fc8fcb96287dc466698c099a7b10caafafb7a0410798e0ce57e2da3d16"
  }
}
  1. Extract the values from data component (json payload as show above) and concate it as string as follows:
$str = "61de5d3c93b93a2e730ccc1395560a0f-5296-4b1b-b67b-0ad45419ef751638418130252421431Payment was successful02-12-2021 12:08:50 pm101.5MYRInes KihnTest PaymentCredit CardSwipeGo";
  1. Then generate the hash value with the your signature key (which can be find it here) as follows:
echo hash_hmac(‘SHA256′, 'your-signature-key' . $str, 'your-signature-key');

// generated signature = fb5659e4b8fc7310912439ec0b4071aa12a296bf38173b44d0177c0518a1eac0
  1. Now you need to compare the hash value that you have generated with the hash value sent from Swipe. If the value does not match then the data may have been tampered.