Webhooks


What is a webhook?

Webhook is an API concept that allows applications communicate between themselves automatically without polling. Whenever an action/event happens on App A, it can automatically send updates to App B without App B polling constantly.

Likewise, whenever certain events take place on your Monnify integration such as payment being received, or settlement being made to your account, we can automatically send a notification to your application so it can take further actions e.g. providing value to your user or sending an email to a user.

The destination of this notification is a URL on your server, that accepts a POST request.

Supported Webhook Events

An event is an action that is done on your integration for which you can be notified of.

Some of the events triggered on Monnify are:

  1. Card transaction completed or account transfer payment received .

  2. Settlement is made to your wallet or account.

  3. Disbursement (or transfer) completed.

  4. An initiated refund is completed.

Click here to see all supported event types and the payload structure.

Securing your webhook

You can secure your webhook by using a combination of the approaches below

  1. Transaction Hash Validation: This is applicable by default on our transaction notification webhook. A hash of some properties in the request payload is computed, and you can validate this on your server by computing the same hash and comparing outputs. For more information about this, please see Computing Request Validation Hash

  2. IP Whitelisting: To prevent requests from un-authorized origins, you can whitelist our IP address and only honor requests from this IP. Webhook notifications from Monnify will come from the following IP addresses - 35.242.133.146

Responding to webhook request

When notification is sent to your server, we expect a 200 HTTP Status Code. When we get this, we assume the notification has been successfully received.

If any other response code is received, or if the request timeouts, the request will be resent a maximum of 10 times with a five-minute period between each resend, after which a webhook request will no longer be made.

Monnify ignores any other information in the response body or headers.

Best Practices

It’s highly recommended you do the following when processing webhook notifications from us.

  1. Check for duplicate notifications: It’s important to keep track of all notifications you’ve received. When a new notification is received, always check that this has not been processed before giving value so as not to give double value to customers. A resend of already processed notification can happen if we do not get a 200 HTTP Status code, or in the case of a request time out.

  2. Process Complex Logic After Responding to Monnify: If your application will perform complex or time consuming logic with received notifications, this might lead to a time out between Monnify and your system, hence leading to a resend. For this reason, it’s recommended you immediately acknowledge receipt of the notification by returning a 200 HTTP Status code, and then perform your long processing activities.

Click here to find out how to configure your webhook