Verify Callback

To ensure the authenticity of callbacks from our API, each callback is signed on the backend using your project’s API Key and the callback data.

How the signature is generated

On our side, the signature is calculated as follows:

Example of received callback

{
  "id": "a33da20c-fba6-4d3f-bf57-55b5c0693a4c", // transaction id in system
  "externalId": "ORDER-001", // id in your system
  "currencyName": "USDT", // payer currency
  "cryptoNetwork": 1, // crypto network(TRON)
  "status": 1, // actual transaction status
  "initAmount": "100", // initial order 
  "amount": "99.5", // actual payed amount
  "toAddress": "TTEa3mJfNhotmfSyramn6QkUuayuc242bj",
  "projectId": "992d333d-a4fe-4e67-bf07-9da58c489778",
  "commissionType": "0", // from customer
  "providerCommission": "1", // only provider commission
  "chainCommissionFixed": "1", // only chain commission
  "totalCommission": "2", // adjust commission
  "fromAddress": "TTEa3mJfNhotmfSyr33n6QkUuayuc242ar",
  "operationType": 1, // deposit = 1 and withdrawal = 2
}

How to verify a callback

Receive the callback data as JSON.

Extract the signature field from headers.

Recreate the signature locally using your API Key and the data.

Compare your generated signature with the received sign.

If they match → the callback is valid.

If not → reject the callback.

Example Verification (Node.js)

Important Notes

Always remove the sign field before calculating your hash.

Use the raw JSON body (without formatting changes such as extra spaces or reordered keys).

Reject any callback with an invalid or missing signature.

How the signature is generated#

Example of received callback#

How to verify a callback#

Example Verification (Node.js)#

Important Notes#

How the signature is generated

Example of received callback

How to verify a callback

Example Verification (Node.js)

Important Notes