These code snippets provide functionality to verify the authenticity of webhook requests and to parse the payload data. It ensures that incoming webhook requests are from a trusted source by checking their signature and then processes the request data.
Copy
Ask AI
type PayoutWebhookEvent struct {Type stringRaw stringObject interface{}}func PayoutVerifyWebhookSignature(signature string, rawBody string, timestamp string) (*PayoutWebhookEvent, error) {signatureString := timestamp + rawBodyhmacInstance := hmac.New(sha256.New, []byte(*XClientSecret))hmacInstance.Write([]byte(signatureString))bytesData := hmacInstance.Sum(nil)generatedSignature := base64.StdEncoding.EncodeToString(bytesData)if generatedSignature == signature {var object interface{}err := json.Unmarshal([]byte(rawBody), &object)if err != nil {return nil, errors.New("something went wrong when unmarshalling raw body")}if objectAsMapInterface, ok := object.(map[string]interface{}); ok {if webhookType, ok := objectAsMapInterface["type"].(string); ok {return &PayoutWebhookEvent{Type: webhookType, Raw: rawBody, Object: object}, nil}}return &PayoutWebhookEvent{Type: "", Raw: rawBody, Object: object}, nil}return nil, errors.New("generated signature and received signature did not match")}
{ "data": { "transfer_id": "JUNOB2018", "cf_transfer_id": "123456", "status": "SUCCESS", "status_code": "COMPLETED", "status_description": "The transfer has been initiated via the partner bank successfully, hence your account is debited and the request is successfully processed by the beneficiary bank and has been credited to the end beneficiary.", "beneficiary_details": { "beneficiary_id": "JOHN18011", "beneficiary_instrument_details": { "bank_account_number": "7766671501729", "bank_ifsc": "SBIN0000003" } }, "transfer_amount": 1, "transfer_service_charge": 1, "transfer_service_tax": 0.18, "transfer_mode": "BANK", "transfer_utr": "TESTR92023012200543116", "fundsource_id": "CASHFREE_1", "added_on": "2021-11-24T13:39:25Z", "updated_on": "2021-11-24T13:40:27Z" }, "event_time": "2024-07-25T17:43:37", "type": "TRANSFER_ACKNOWLEDGED"}
Cashfree Payments webhooks service does its best to deliver events to your webhook endpoint. It is best practice for your application to respond to the callback. Our webhook service may send many payloads to a single endpoint in quick succession. You will need to build an application and configure your server to receive the response we send when events get triggered during the payout process.Your server should return a 200 HTTP status code to acknowledge that you received the webhook without any issues. Any other information you return in the request headers or request body gets ignored. Any response code outside the 200 range, including 3xx codes, indicates that you did not receive the webhook.When Cashfree Payments does not get the acknowledgement due to any reason, we retry to establish the communication at regular intervals. If we do not receive the response after few attempts, we gradually decrease the rate of retries. Based on this count, the service is disabled if it fails more than five times.If do not receive notifications from Cashfree Payments as expected, please fill out the Support Form.
When you decide to consume the webhooks, first, you need to verify if your systems need an IP whitelisting to be done at your end or not. Accordingly you can whitelist the below IPs of Cashfree:
Can I subscribe to webhooks V2 if I use Payout APIs as V1 and V1.2?
Yes, you can subscribe to Webhooks V2 even if you’re currently using Payout APIs v1 and v1.2.
Can I utilise webhooks V1 while using Payouts APIs V2?
Yes, you can typically subscribe to Webhooks V1 even if you’re using Payout APIs V2.
Are the webhook events CREDIT_CONFIRMATION, BENEFICIARY_INCIDENT, and LOW_BALANCE_ALERT, previously available in webhooks V1, still supported and deliverable in Webhooks V2?
Yes, you can continue to receive the CREDIT_CONFIRMATION, BENEFICIARY_INCIDENT, and LOW_BALANCE_ALERT webhook events even after subscribing to Webhooks V2.
