Webhooks

Receive signed events when payments land.

BlockPay posts every state change to your endpoint as a signed JSON event. Verify the HMAC signature, then trust the payload.

Overview

Configure a webhook URL per merchant in the BlockPay dashboard. Every event hits that URL as an HTTP POST with a JSON body and a signature header. Respond with any 2xx within five seconds. BlockPay retries on non-2xx responses with exponential backoff for up to 24 hours.

Example payload

A typical invoice.paid event. Note the X-BlockPay-Signature header contains a timestamp and a v1 HMAC over `${timestamp}.${rawBody}`.

HTTPBlockPay webhook

01POST https://your-app.example/blockpay/webhook
02Content-Type: application/json
03X-BlockPay-Event: invoice.paid
04X-BlockPay-Delivery: del_01HE2K9F8M
05X-BlockPay-Timestamp: 1747350522
06X-BlockPay-Signature: t=1747350522,v1=8d2c4f...
07
08{
09  "id": "evt_01HE2K9F8M",
10  "type": "invoice.paid",
11  "createdAt": 1747350522,
12  "data": {
13    "invoice": {
14      "id": "inv_01HE2K6BX9C0",
15      "merchantId": "merchant_acme",
16      "amount": "4900000",
17      "currency": "USDC",
18      "chainKey": "arc-testnet",
19      "status": "paid",
20      "settledTxHash": "0x4f1c...92a0",
21      "settledAt": 1747350522
22    }
23  }
24}

Verify the signature

Always verify before doing anything with the payload. Use the raw request body — re-serialised JSON will not match. Use Node's crypto.timingSafeEqual to compare digests; never use a plain ===.

verify.tsBlockPay webhook

01import crypto from "node:crypto";
02
03const WEBHOOK_SECRET = process.env.BLOCKPAY_WEBHOOK_SECRET!;
04const TOLERANCE_SECONDS = 5 * 60;
05
06export function verifyBlockPaySignature(opts: {
07  rawBody: string;
08  header: string | null;
09}): { ok: true } | { ok: false; reason: string } {
10  if (!opts.header) return { ok: false, reason: "missing_header" };
11
12  // header looks like: "t=1747350522,v1=8d2c4f..."
13  const parts = Object.fromEntries(
14    opts.header.split(",").map((p) => p.split("=", 2) as [string, string]),
15  );
16  const ts = Number(parts.t);
17  const sig = parts.v1;
18  if (!Number.isFinite(ts) || typeof sig !== "string") {
19    return { ok: false, reason: "malformed_header" };
20  }
21
22  const ageSeconds = Math.floor(Date.now() / 1000) - ts;
23  if (Math.abs(ageSeconds) > TOLERANCE_SECONDS) {
24    return { ok: false, reason: "stale_timestamp" };
25  }
26
27  const signedPayload = `${ts}.${opts.rawBody}`;
28  const expected = crypto
29    .createHmac("sha256", WEBHOOK_SECRET)
30    .update(signedPayload)
31    .digest("hex");
32
33  const a = Buffer.from(expected, "hex");
34  const b = Buffer.from(sig, "hex");
35  if (a.length !== b.length || !crypto.timingSafeEqual(a, b)) {
36    return { ok: false, reason: "bad_signature" };
37  }
38
39  return { ok: true };
40}

Wire it into your route

route.tsBlockPay webhook

01import { verifyBlockPaySignature } from "./verify";
02
03export async function POST(req: Request) {
04  // IMPORTANT: read the raw body, not parsed JSON. Re-serialised
05  // JSON will not match the signature.
06  const raw = await req.text();
07
08  const result = verifyBlockPaySignature({
09    rawBody: raw,
10    header: req.headers.get("x-blockpay-signature"),
11  });
12
13  if (!result.ok) {
14    return new Response("invalid signature", { status: 401 });
15  }
16
17  const event = JSON.parse(raw) as { type: string; data: unknown };
18
19  switch (event.type) {
20    case "invoice.paid":
21      // fulfill the order, send the receipt email, etc.
22      break;
23    case "payment.refunded":
24      // mark the order refunded
25      break;
26  }
27
28  // Return 2xx within 5 seconds. BlockPay retries with backoff for
29  // up to 24 hours on anything other than 2xx.
30  return new Response("ok");
31}

Event types

Five event types cover the full lifecycle. All events share the same envelope; only the data shape changes per type.

Event	Description
invoice.created	A new invoice has been created. The customer has not yet paid; the invoice is in open state.
invoice.paid	An on-chain transfer satisfying the invoice has confirmed. Fulfil the order.
invoice.expired	The invoice passed its expiresAt without being paid. The on-chain commitment is closed.
payment.received	An on-chain transfer was observed at one of your settlement addresses, attributed to a BlockPay invoice.
payment.refunded	A refund transfer initiated from your settlement wallet has confirmed back to the original payer.

Retries and idempotency

BlockPay considers the delivery successful only on a 2xx response within five seconds. Other responses, timeouts and connection errors trigger retries with exponential backoff for up to 24 hours. Use the X-BlockPay-Delivery header as an idempotency key — the same delivery id will be reused across retries, but each delivery represents a single underlying event.

SDK helper REST API reference