Webhook Integration
The Waga Payment API allows you to receive real-time notifications when a payment is completed through webhooks. A webhook is an HTTP request sent to a specified URL whenever a specific event, such as a payment completion, occurs.
How to Set Up the Webhook
1. Registering the Webhook URL
To start receiving payment notifications, you need to register a webhook URL by making a request to the /register endpoint of the Waga API.
- The
webhook_urlparameter is optional but necessary for receiving notifications. - The registered
webhook_urlmust be a GET endpoint on your server.
2. Webhook URL Behavior
Once registered, the webhook_url will receive a GET request whenever a payment is successfully completed.
- You can use this request to update databases, trigger further processes, or notify users.
3. Securing Webhook with HMAC Signature
To ensure the webhook request is secure and comes from Waga, we include an X-WAGA-HMAC-Signature header in every webhook request.
- The HMAC signature is generated using a secret key available in your merchant dashboard.
- It’s highly recommended to verify this signature on your server to authenticate the request.
4. Verifying the HMAC Signature
To verify the authenticity of the webhook request, follow these steps:
- Generate an HMAC signature using your secret key and the SHA256 algorithm.
- Compare this generated signature with the one in the
X-WAGA-HMAC-Signatureheader. - If the signatures match, the request is verified. Otherwise, the request should be rejected.
Example Payload
Here’s an example of what the payload from Waga might look like when a payment is completed:
{
"order_id": "UvlTazsFEODni6gD5f6q7jh3",
"order_number": "12oijd34454",
"status": "COMPLETED",
"amount": "10.00",
"deducted": "0.2",
"currency": "ETB",
"payment_option": "wegagen_card",
"payment_type": "API",
"customer_phone": "0911121314",
"reason": "reason for transaction",
"created_timestamp": "2024-09-02 14:18:05.357763",
"updated_timestamp": "2024-09-02 14:19:05.868672"
}By setting up the webhook and verifying the HMAC signature, you ensure that your system receives secure and reliable notifications about payment events.