Incoming Provider Webhooks (from payment providers → RohoPay)

These are registered on the provider side — you do not call them. They are documented here for completeness.
Method  Path                             Provider                 Verification
POST    /webhooks/relworx                Relworx (mobile + card)  HMAC-SHA256 header
POST    /webhooks/iotec                  Iotec (mobile)           Token header
GET     /webhooks/relworx/visa/callback  Relworx 3DS return       Browser redirect only

Outgoing Webhooks (from RohoPay → your server)

When a transaction resolves, RohoPay POSTs to the callback_url you provided.

Signature Header

x-rohopay-signature: sha256=abc123def456...

Payload

{
  "event": "deposit.successful",
  "id": "01j2k3m4n5p6q7r8s9t0uvwx",
  "internal_reference": "RHP-2024-ABC123",
  "provider_reference": "9876543210",
  "type": "collection",
  "status": "successful",
  "payment_method": "mobile_money",
  "phone_number": "256700123456",
  "amount": 50000,
  "currency": "UGX",
  "commission_amount": 500,
  "net_amount": 49500,
  "environment": "live",
  "created_at": "2024-07-15T08:30:00Z",
  "updated_at": "2024-07-15T08:31:47Z"
}

Events

Event                Trigger
deposit.successful   Collection or card payment confirmed
withdraw.successful  Disbursement or withdrawal succeeded
withdraw.failed      Disbursement or withdrawal failed

Signature Verification

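import crypto from "crypto";

// body must be the raw request body exactly as received, not re-serialized JSON.
function verify(body: string, sig: string, secret: string): boolean {
  const expected = Buffer.from(
    "sha256=" + crypto
      .createHmac("sha256", secret)
      .update(body)
      .digest("hex")
  );
  const received = Buffer.from(sig);
  // timingSafeEqual throws if the buffers differ in length, so check length first.
  return received.length === expected.length &&
    crypto.timingSafeEqual(received, expected);
}

Your secret is shown in Dashboard → Webhooks.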

Delivery Requirements

  • Respond HTTP 200–299 within 10 seconds
  • If your endpoint times out or returns an error, RohoPay retries with backoff
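
A receiver sketch covering both Signature Verification and Delivery Requirements, added here as an example (it is not RohoPay's code): it checks the signature over the raw body, rejects missing or wrong-length headers without throwing, and ignores repeats, since retries can deliver the same event more than once. Assumptions: the `id` field is the same on every retry of an event; `handleWebhook`, `signBody`, `processed` and the sample secret and body are hypothetical names and constructed values.

```typescript
import { createHmac, timingSafeEqual } from "crypto";

// Event names from the Events table; other names are acknowledged and ignored.
const KNOWN_EVENTS = new Set(["deposit.successful", "withdraw.successful", "withdraw.failed"]);

// Hypothetical in-memory dedupe store; a real service would use a unique DB key.
const processed = new Set<string>();

// Builds the header value in the documented format sha256={hex_digest}.
function signBody(rawBody: string, secret: string): string {
  return "sha256=" + createHmac("sha256", secret).update(rawBody).digest("hex");
}

// Returns the HTTP status the endpoint should answer with.
function handleWebhook(
  rawBody: string,                 // body exactly as received, before any JSON parsing
  sigHeader: string | undefined,   // value of x-rohopay-signature
  secret: string,
  apply: (evt: { event: string; id: string }) => void,
): number {
  if (!sigHeader) return 401;
  const expected = Buffer.from(signBody(rawBody, secret));
  const given = Buffer.from(sigHeader);
  // timingSafeEqual throws on unequal lengths, so compare lengths first.
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) return 401;

  let parsed: unknown;
  try { parsed = JSON.parse(rawBody); } catch { return 400; }
  const { event, id } = (parsed ?? {}) as { event?: unknown; id?: unknown };
  if (typeof event !== "string" || typeof id !== "string") return 400;

  // Assumption: `id` is stable across retries, so event+id identifies a delivery.
  const key = `${event}:${id}`;
  if (!KNOWN_EVENTS.has(event) || processed.has(key)) return 200; // ack, no side effects
  apply({ event, id });   // if this throws, the key is not recorded and a retry can succeed
  processed.add(key);
  return 200;
}

// Constructed sample body and secret, not real RohoPay data.
const SAMPLE_SECRET = "example-secret";
const SAMPLE_BODY = JSON.stringify({ event: "deposit.successful", id: "01j2k3m4n5p6q7r8s9t0uvwx", amount: 50000 });
```

Keep the work done in `apply` short, or queue it, so the response still goes out within the 10-second window.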

Get Webhook Config

GET /dashboard/webhook-config
Cookie: session={your_session}

{
  "success": true,
  "data": {
    "webhook_secret": "your-secret",
    "signature_header": "x-rohopay-signature",
    "signature_format": "sha256={hex_digest}",
    "events": [
      { "event": "deposit.successful", "description": "Payment confirmed" },
      { "event": "withdraw.successful", "description": "Payout sent" },
      { "event": "withdraw.failed", "description": "Payout failed" }
    ]
  }
}