Webhook

Only Process Value on settled

You should only credit value to your end user when the webhook status is settled.

Intermediate statuses should not trigger value assignment. Treat only settled as confirmation that funds are available and final.

---

🔐 Webhook Signature Verification

Each webhook request from Payceler includes a X-signature header. This is a HMAC-SHA256 hash of the payload, encoded with your secret key.

Steps to verify the webhook:

1. Extract the X-signature value from the header.

2. Recompute the HMAC hash of the received body using your secret key.

3. Compare the computed hash with the received signature.

4. Process the webhook only if they match.

This protects your system from spoofed or tampered requests.