conomy_hq
  1. Payments
conomy_hq
  • Quickstart
    • Introduction
    • Obtain an Access Token
    • Create an Organization
    • Create users
    • Create accounts
    • Create your first top-up
    • Create your first withdrawal
    • Create your first purchase
    • Create your first p2p payment
    • Create your first collect payment
    • Supported Identity Document Types
  • Payments
    • Transaction types
    • Transaction status
    • Origins and Destinations
    • Creating a payment
    • Add & remove Fees
  • API reference
    • Auth
      • Auth
    • Identities
      • Create Identity
      • Get Identity
      • Update Identity
      • Delete Identity
      • Get Identities List
      • Add Child to Identity Children
      • Remove Child from Children
      • Add Rule to Identity
      • Remove Rule to Identity
    • Accounts
      • Create Account
      • Get Account
      • Update Account
      • Delete Account
      • Get multiple accounts
    • Payment-methods
      • Get payment-origins
      • Get payment-destinations
    • Payment-attempts
      • Create Attempt
      • Get payment-attempts list
      • Get payment-attempt
    • Payments
      • Create Payment
        POST
      • Authorize Payment
        POST
      • Capture Payment
        POST
      • Get Payment List
        GET
      • Get Payment List paginated
        GET
      • Get Payment
        GET
      • Receive Payment Provider Notification
        POST
      • Client Transaction's Notification Webhook
        POST
  1. Payments

Client Transaction's Notification Webhook

POST
{{client-url}}
Webhook to notify about the transaction status updates.
Will notify 3 possible states: CAPTURED, RECEIVED,FAILED
Signature Format
Algorithm: HMAC-SHA256
Length: 64-character hexadecimal string
Computation: The signature is generated by hashing the full JSON body (excluding the signature field) using HMAC-SHA256 with the secret key.
Signature Generation Example (Node.js)
Before sending the webhook, the signature must be computed:
const crypto = require('crypto');
const secret = "WEBHOOK_SECRET"; // Shared secret key
const payload = JSON.stringify({
event: "Transaction.Captured",
data: {
transaction: {
id: "67a0307eaddea901a60144ec",
purchaseAmount: "50000",
totalAmount: "50000",
externalId: "123456",
currency: "COP",
status: "CAPTURED"
}
}
});
// Generate HMAC-SHA256 signature
const signature = crypto
.createHmac('sha256', secret)
.update(payload)
.digest('hex');
// Add the signature to the payload
const signedPayload = { ...JSON.parse(payload), signature };
console.log(signedPayload);
Request Request Example
Shell
JavaScript
Java
Swift
curl --location -g --request POST '{{client-url}}'
Response Response Example
{
  "event": "Transaction.Captured",
  "data": {
    "transaction": {
      "id": "67a0307eaddea901a60144ec",
      "purchaseAmount": "50000",
      "totalAmount": "50000",
      "externalId": "{{CLIENT_TRANSACTION_ID}}",
      "currency": "COP",
      "status": "CAPTURED"
    }
  },
  "signature": "f8a23d5e0c7c2b6e4a8f9d0c5b3d7e1a7f6c4e2d9b0a5f8c3e1d6b9a7c4e2d1f"
}

Request

Authorization
Provide your bearer token in the
Authorization
header when making requests to protected resources.
Example:
Authorization: Bearer ********************

Responses

🟢200Success
application/json
Body
event
string 
required
e.g. Transaction.Received
data
object 
required
transaction
object 
required
signature
string 
required
Algorithm: HMAC-SHA256
Length: 64-character hexadecimal string
Computation: The signature is generated by hashing the full JSON body (excluding the signature field) using HMAC-SHA256 with the secret key.
Modified at 2025-04-23 19:47:14
Previous
Receive Payment Provider Notification
Built with