Webhooks - Devdraft API Documentation

How Webhooks Work

Create a webhook endpoint by providing your server’s URL and selecting which events you want to receive.

Receive Notifications

When events occur, Devdraft sends HTTP POST requests to your endpoint with event data.

Process Events

Your server processes the webhook payload and takes appropriate action based on the event type.

Create a Webhook Endpoint

curl -X POST 'https://api.devdraft.ai/v0/webhooks' \
  -H 'x-client-key: your-client-key' \
  -H 'x-client-secret: your-client-secret' \
  -H 'Content-Type: application/json' \
  -d '{
    "url": "https://your-domain.com/webhook",
    "events": ["payment.success", "payment.failed"],
    "description": "Payment notification webhook"
  }'

{
  "id": "webhook_123456789",
  "url": "https://your-domain.com/webhook",
  "events": ["payment.success", "payment.failed"],
  "description": "Payment notification webhook",
  "status": "active",
  "created_at": "2024-01-15T10:30:00Z",
  "secret": "whsec_abc123def456"
}

Authentication

x-client-key

string

required

Your Devdraft API key with webhook:create scope

x-client-secret

string

required

Your Devdraft API secret

Content-Type

string

required

application/json

This endpoint requires API Key with webhook:create scope. Make sure your API key has the necessary permissions.

Request Parameters

url

string

required

The HTTPS URL where webhook events will be sent. Must be publicly accessible.

events

array

required

Array of event types to subscribe to. See available events below.

description

string

Optional description to help identify this webhook endpoint.

Response Fields

string

required

Unique identifier for the webhook endpoint

url

string

required

The registered webhook URL

events

array

required

Array of subscribed event types

status

string

required

Current status of the webhook (active, inactive, etc.)

created_at

timestamp

required

ISO 8601 timestamp when the webhook was created

secret

string

required

Webhook secret for verifying event signatures

Available Events

Subscribe to these event types to receive notifications when they occur:

Payment Events

payment.success - Payment completed successfully
payment.failed - Payment failed or was declined
payment.pending - Payment is being processed
payment.refunded - Payment was refunded

Account Events

account.created - New account created
account.updated - Account information updated
account.verified - Account verification completed

Transaction Events

transaction.created - New transaction initiated
transaction.completed - Transaction completed
transaction.failed - Transaction failed

Wallet Events

wallet.funded - Wallet received funds
wallet.withdrawn - Funds withdrawn from wallet
wallet.transferred - Funds transferred between wallets

Security Best Practices

Always verify webhook signatures to ensure requests come from Devdraft:

const crypto = require('crypto');

function verifyWebhookSignature(payload, signature, secret) {
  const expectedSignature = crypto
    .createHmac('sha256', secret)
    .update(payload)
    .digest('hex');
  
  return crypto.timingSafeEqual(
    Buffer.from(signature),
    Buffer.from(expectedSignature)
  );
}

Store the webhook secret securely. You’ll need it to verify that incoming webhook requests are authentic and come from Devdraft.

Never expose your webhook secret in client-side code or public repositories. Keep it secure on your server.

Getting Started

​How Webhooks Work

​Create a Webhook Endpoint

​Authentication

​Request Parameters

​Response Fields

​Available Events

Payment Events

Account Events

Transaction Events

Wallet Events

​Security Best Practices

How Webhooks Work

Create a Webhook Endpoint

Authentication

Request Parameters

Response Fields

Available Events

Security Best Practices