TrustVault provides webhooks to alert you of the changes in that status of your transactions. These are
POST requests delivered to your server and are sent as soon as an event occurs. The body of the request contains the details of the event.
Upon receiving a webhook notification, it should be acknowledged with a HTTP success response
20x. Otherwise the webhoook notification will be attempted to be sent again according to the following schedule:
- 1 minute from the previous attempt
- 2 minutes from the previous attempt
- 15 minutes from the previous attempt
- 2 hours from the previous attempt
- 10 hours from the previous attempt
- 24 hours from the previous attempt
|Bitcoin Received||A bitcoin wallet belonging to the trustId has received a transaction|
Unique identifier for the webhook notification
The webhook version
The webhook notification type -
The timestamp of the webhook notification
The timestamp of the webhook notification in ISO 8601 format
The payload for the webhook notification
The bitcoin received webhoook will be triggered as soon as there is 1 confirmation from a miner.
Unique identifier for the TrustVault user
Unique identifier for the wallet
The transaction amount in satoshi (integer string)
The UTXO receive address of the transaction
The type of transaction -
The block number where the transaction was included in
Unique identifier for the transaction in the blockchain
The timestamp of the block
The transaction amount in BTC (float string)
Unique identifier for the HD Wallet
The chain identifier where the sub wallet belongs to (“BTC”, “BINANCE”)
Index of the sub wallet in the HD Wallet starting at zero (integer)
Webhook notifications should be verified using the message hash signature in the header and the secret key to prevent attackers from imitating valid webhooks.
Each webhook is associated with a single secret key, which is given upon registration of the webhook. The secret key is used to generate an HMAC using
SHA-256 hash algorithm.
Webhook notifications will have an
X-Sha2-Signature header in the request, containing the HMAC. The secret key should be used to compute the message hash signature using the complete event object. You must ensure that the generated hash signature matches the
X-Sha2-Signature header sent by TrustVault.
import * as crypto from "crypto";
Webhook endpoints might occasionally receive the same event more than once. In particular, during chain re-organisation a webhook event could be re-sent for the exact same transaction. We advise you to guard against duplicated event receipts by making your event processing idempotent.