1. Raíz
CryptopocketAPI
  • Cryptopocket APIs
    • Common
      • Authentication
      • Token Price
      • Get Available Assets
    • Users
      • User Registration
      • Check KYC Verification
    • OnRamp
      • Get payment methods
      • Get Quote
      • Create Payment Intend (RampOn)
      • Get Payment
      • Get List
    • OffRamp
      • Get quote
      • Create OffRamp Transaction
      • Get rampoff status
      • Get List
    • Webhooks
      • Webhook Event Subscribe
      • Webhook Event Update
    • Raíz
  • Banking API
    • Raíz
      • Get Rampoff Quote
        GET
      • Get Deposit
        GET
      • Balance
        GET
      • Get Banking Transfer List
        GET
      • Get Banking Transfer
        GET
      • Create Bank Transfer
        POST
      • Authenticate
        POST
      • Webhook Event Subscribe
        POST
  1. Raíz

Webhook Event Subscribe

POST
/api/subscribeToWebhook
This endpoint allows users to subscribe to CryptoPocket's webhook to receive notifications related to cryptocurrency transactions. Through this webhook, CryptoPocket will notify specific events related to token shipments and payments.
All webhooks are authenticated using HMAC-SHA256 signatures to ensure security and data integrity. Each webhook request includes the following headers:
X-API-Key: Your public API key (identifies your integration)
X-Signature: HMAC-SHA256 signature of the payload
X-Timestamp: Unix timestamp (seconds since epoch) to prevent replay attacks

How to validate webhooks#

To verify that a webhook is legitimate and hasn't been tampered with, follow these steps:
1.
Extract headers: Get X-API-Key, X-Signature, and X-Timestamp from the request headers
2.
Get API Secret: Retrieve the api_secret associated with the X-API-Key from your database
3.
Recalculate signature:
Concatenate the JSON payload (as string) with the timestamp: payload + timestamp
Calculate HMAC-SHA256: HMAC-SHA256(payload + timestamp, api_secret)
4.
Compare signatures: Verify that the calculated signature matches the X-Signature header value
5.
Validate timestamp (Recommended): Ensure the X-Timestamp is not too old (maximum 5 minutes difference)
Parameters:
PARAMDESCRIPTION
urlThe URL to which CryptoPocket will send webhook notifications (POST request).
typeThe type of event for which the user wishes to receive notifications.
Allowed values:

CRYPTO_RECEIVED: To receive notifications when crypto has been received during a ramp-off process.
TRANSFER_RAMPOFF_FINISHED: To receive notifications when the bank transfer has been sent during a ramp-off process.
RESPONSE EXAMPLE:
{
  "status": "ok",
  "data": "subscription_created"
}

Solicitud

Parámetros de Header

Parámetros del Body application/x-www-form-urlencoded

Respuestas

🟢200
application/json
Body

Solicitud Ejemplo de Solicitud
Shell
JavaScript
Java
Swift
curl --location --request POST '/api/subscribeToWebhook' \
--header 'auth: b87bsdf8hdsj9fh9sd78fubsdoiufbj' \
--data-urlencode 'type=COINS_SENT' \
--data-urlencode 'url=https://demo.com'
Respuesta Ejemplo de Respuesta
{}
Modificado en 2026-04-09 01:12:40
Anterior
Authenticate
Built with