Webhook
A concise guide for integrating Amwal webhooks into any platform or technology stack.
Overview
Amwal webhooks deliver real-time notifications for payment events. When events like order creation or payment success occur, Amwal sends HTTP POST requests to your webhook endpoints with secure signature verification.
Key Features
- Real-time notifications for order and payment changes
- RSA-PSS signature verification with SHA-256
- Automatic retries with exponential backoff
- Rate limiting (60 requests/minute per endpoint)
- Event logging for debugging
- Idempotency support for duplicate deliveries
- Flexible event subscription
Webhook Flow
- Customer completes payment
- Amwal processes payment and triggers event
- Amwal sends webhook to your endpoint
- Your system verifies signature and processes event
- Your system responds with HTTP 200
- Order status updates accordingly
Prerequisites
- Amwal merchant account with API access
- Public HTTPS endpoint for webhooks
- RSA-PSS signature verification capability
- SSL certificate for endpoint
Integration Checklist
- Configure webhook endpoint URL
- Subscribe to events
- Implement signature verification
- Set up event handlers
- Implement error handling
- Add logging and monitoring
- Test with sample webhooks
Security Checklist
- HTTPS endpoint
- Signature verification
- API key validation
- Secure private key storage
- Exclude sensitive data from logs
- Rate limiting
- Idempotency handling
- Comprehensive error handling
- Monitoring and alerts
- Regular security audits
Error Handling & Retry Logic
Retry Mechanism
- Max attempts: 5 retries
- Backoff: 2^attempt seconds
- Max delay: 1 hour
- Retry triggers: HTTP 5xx, timeouts, network errors
- No retry: HTTP 4xx
Best Practices
- Verify signatures
- Validate API key
- Use HTTPS
- Secure private keys
- Implement access controls
- Log validation failures
Updated about 15 hours ago