Skip to content
Hubble logo Hubble logo Hubble

Transaction Webhooks

If a partner is interested in getting realtime callbacks when any transaction happens on Hubble Checkout SDK, they can listen to our webhooks.

The partner can share a webhook url with us.

Below is the data, we will post to the url.

{
    "transactionReferenceId": "01HRVY38NCAANDYPN3WVGJCDSG",
    "userId": "01HRW71319JNKJS6D3Q85X780R",
    "amount": 1000,
    "timestamp": "2018-06-13T12:11:13" // utc timestamp
}

Authentication of webhooks on partner’s end

Hubble will share secret key with the partner.

Each webhook call will contain a signature header X-Verify.

The partner needs to recreate the signature on their end with the secret key. If the partner created signature is equal to the incoming signature, that ascertains that the request is actually coming from Hubble.

Below is the logic for generating the signature.

// convert the incoming payload to string
private fun generateSignature(payload: String, secret: String): String {
    val algorithm = "HmacSHA256"
    val secretKeySpec = SecretKeySpec(secret.toByteArray(), algorithm)
    val mac = Mac.getInstance(algorithm).apply { init(secretKeySpec) }
    val signatureBytes = mac.doFinal(payload.toByteArray())
    return Base64.getEncoder().encodeToString(signatureBytes)
}

Hubble can also provide their IP address to the partner for whitelisting.