Home Features Docs & API Blog Contact
Open App

Documentation

ZekoraPay Platform – Reference complète pour développeurs et utilisateurs

ZekoraPay Webhooks Guide

Since financial transactions are not always instantaneous, checking status by pooling is a bad practice. Prefer Webhooks.

Webhooks Security

ZekoraPay will sign each webhook request sent to your server in the X-Zekora-Signature header with HMAC SHA256 calculated using your Webhook Secret.

// Example PHP Validation
$signature = $_SERVER['HTTP_X_ZEKORA_SIGNATURE'];
$payload = file_get_contents('php://input');
$expected = hash_hmac('sha256', $payload, 'YOUR_WEBHOOK_SECRET');

if (!hash_equals($expected, $signature)) {
    http_response_code(401);
    die('Invalid signature');
}

Available Events

  • payment.success: A payment was successfully validated.
  • payment.failed: The customer's balance was insufficient or operation canceled.
  • transfer.completed: Your payout to an external partner was confirmed by the network.
  • invoice.paid: An enterprise invoice was paid.