Webhooks are event-based notifications that are received when a specific event related to the Wallet occurs.
In rare cases, such as network retries, read timeouts, processing delays, or delivery failures, the same webhook might be sent more than once for the same event. To prevent unintended side effects, implement idempotency in your webhook handler to handle duplicate deliveries.
Webhook signature
You will receive the webhook signature in the webhook header. Here is a sample header from a webhook request.
| Header name | Header value |
|---|
| content-length | 1099 |
| x-webhook-attempt | 1 |
| content-type | application/json |
| x-webhook-signature | 07r5C3VMwsGYeldGOCYxe5zoHhIN1zLfa8O0U/yngHI= |
| x-webhook-timestamp | 1746427759733 |
| x-webhook-version | 2025-01-01 |
Always capture the webhook payload in its raw text format before parsing into JSON. Parsing and reserialising the payload can change the structure (for example, array ordering, spacing, or null handling) and cause a signature mismatch during verification. Use the exact raw body string from the request when computing the signature.
Wallet Credit events
The following are examples of webhook events that you may receive.
{
"event_type": "PPI_CREDIT_SUCCESS",
"event_time": "2006-01-02T15:04:05Z",
"data": {
"credit_id": "CREDIT126345",
"cf_credit_id": "8901234567890123456",
"wallet_id": "WALLET936721",
"user_id": "USER827364",
"amount": 100.5,
"sub_wallet": {
"cf_sub_wallet_id": "35246543210987654321",
"name": "Gift Wallet",
"type": "GIFT_PPI",
"status": "ACTIVE",
"balance": 1500.75
},
"issued_gift_code": {
"code": "GIFT-2025-XYZ123",
"value": 100.5,
"expiry": "2025-12-31T23:59:59Z"
},
"status": "SUCCESS",
"remarks": "Refund for order 123",
"initiated_at": "2025-09-02T10:15:30Z",
"processed_at": "2025-09-02T10:20:45Z"
}
}
Wallet Credit webhook payload fields
The webhook payload contains important metadata in its top-level fields.
| Field | Type | Description |
|---|
event_type | string | Indicates the type of event that triggered the webhook. |
event_time | string | The UTC timestamp of when the event occurred, formatted in ISO 8601 (YYYY-MM-DDTHH:MM:SSZ). |
data | object | Contains event-specific details related to this feature. |
Verifying the signature is mandatory before processing any response. Refer to Signature Verification for more details. 
