Skip to main content
Webhook notifications are automated messages sent from Klyme to a specific URL endpoint of your choice. Instead of constantly checking for updates (polling) via API, webhooks push real-time data to a designated URL endpoint as soon as an event occurs such as a payment status changing from PENDING to COMPLETED.

Key Points

  • Webhook notifications are encrypted using aes-256-ctr.
  • Encyption for webhook notifications is enabled by default. However, encryption can be disabled upon request.
  • A HTTP 200 response must be sent back from the client to mark the delivery of the webhook notification as successful.
  • You have 5 attempts to successfully receive a unique webhook notification and send back a HTTP 200 response.
  • If after 5 attempts a HTTP 200 response is not sent back, the notification will stop sending as a failsafe.
  • Unreceived webhook notifications are still recorded by Klyme and can be re-sent upon request.

How to decrypt webhook notifications

const express = require('express');
const crypto = require('crypto');
const app = express();

app.use(express.json());

app.post('/webhooks', (req, res) => {
    const iv = Buffer.from(req.body.iv, 'hex');
    let encryptedText = Buffer.from(req.body.data, 'hex');
    let decipher = crypto.createDecipheriv('aes-256-ctr', Buffer.from(process.env.WEBHOOK_SECRET), iv);
    let decrypted = decipher.update(encryptedText);
    decrypted = Buffer.concat([decrypted, decipher.final()]);

    res.status(200).send();
});
I