Incoming Provider Webhooks (from payment providers → RohoPay)
These are registered on the provider side — you do not call them. They are documented here for completeness.| Method | Path | Provider | Verification |
|---|---|---|---|
| POST | /webhooks/relworx | Relworx (mobile + card) | HMAC-SHA256 header |
| POST | /webhooks/iotec | Iotec (mobile) | Token header |
| GET | /webhooks/relworx/visa/callback | Relworx 3DS return | Browser redirect only |
Outgoing Webhooks (from RohoPay → your server)
When a transaction resolves, RohoPay POSTs to thecallback_url you provided.
Signature Header
Payload
Events
| Event | Trigger |
|---|---|
deposit.successful | Collection or card payment confirmed |
withdraw.successful | Disbursement or withdrawal succeeded |
withdraw.failed | Disbursement or withdrawal failed |
Signature Verification
Delivery Requirements
- Respond HTTP 200–299 within 10 seconds
- If your endpoint times out or returns an error, RohoPay retries with backoff