{"_id":"56cb35e7c675f50b00a4b71e","user":"54eb883f4f94620d00789aaa","version":{"_id":"55909cb433090f0d004d25d8","project":"558b53f749dc4f0d00517de0","forked_from":"558b53f749dc4f0d00517de3","__v":8,"createdAt":"2015-06-29T01:17:40.214Z","releaseDate":"2015-06-29T01:17:40.214Z","categories":["55909cb433090f0d004d25d9","55909cb433090f0d004d25da","55909cb433090f0d004d25db","55909cb433090f0d004d25dc","56c72c00197f9f1700c811db","56c72df5b3625c0d00422c9e","56e1b646150ed52d0062c652","56e9fe9779708c0e002b6026","57312dc94245100e001743f4","57646a570742400e00c04701","5894c96f4d9c7e27002e42ba"],"is_deprecated":false,"is_hidden":false,"is_beta":false,"is_stable":true,"codename":"","version_clean":"2.0.0","version":"2"},"__v":9,"project":"558b53f749dc4f0d00517de0","githubsync":"","parentDoc":null,"category":{"_id":"56c72c00197f9f1700c811db","__v":9,"pages":["56c72c1b862f940d0056475b","56c72ccfb4c1dc0d004ec2ce","56c72d28197f9f1700c811dc","56c72d4f9d75580d00026257","56c72d8349937c0d001deca3","56c72dab9e2b6c0d00048717","56c72f1c5652c217008e08b5","56cb35dbc675f50b00a4b71c","56cb35e7c675f50b00a4b71e"],"project":"558b53f749dc4f0d00517de0","version":"55909cb433090f0d004d25d8","sync":{"url":"","isSync":false},"reference":false,"createdAt":"2016-02-19T14:51:44.638Z","from_sync":false,"order":3,"slug":"making-transfers","title":"Transfering funds"},"updates":[],"next":{"pages":[],"description":""},"createdAt":"2016-02-22T16:23:03.309Z","link_external":false,"link_url":"","sync_unique":"","hidden":false,"api":{"results":{"codes":[]},"settings":"","auth":"required","params":[],"url":""},"isReference":false,"order":7,"body":"[block:api-header]\n{\n  \"type\": \"basic\",\n  \"title\": \"HTTP POST Callbacks\"\n}\n[/block]\nWyre sends HTTP POST callbacks notifications to update your system of transfer state transitions. All POST callbacks for a particular transfer are sent to the ```callbackUrl``` parameter provided at the time of transfer quote creation.\n\n## State Changes\nPOST callbacks are sent whenever the transfer goes through a state change. Be sure to check the status of the transfer before you take any actions.\n\n## Payload\nWe will POST the full JSON representation of the transfer to your to ```callbackUrl``` provided.\n\n[block:code]\n{\n  \"codes\": [\n    {\n      \"code\": \"{\\\"createdAt\\\":1515616777388,\\n\\\"id\\\":\\\"TF-QP334XYFC44-W\\\",\\n\\\"source\\\":\\\"wallet:WA-GU8GTMLGVL6\\\",\\n\\\"dest\\\":\\\"transfer:TF-QP334XYFC44\\\",\\n\\\"currency\\\":\\\"USD\\\",\\n\\\"amount\\\":3413.52,\\n\\\"status\\\":\\\"CONFIRMED\\\",\\n\\\"confirmedAt\\\":1515616777388,\\n\\\"cancelledAt\\\":null,\\n\\\"reversedAt\\\":null,\\n\\\"message\\\":\\\"Withdrawal for transfer TF-QP334XYFC44\\\",\\n\\\"allowOverdraft\\\":false,\\n\\\"authorizer\\\":null,\\n\\\"senderProvidedId\\\":null,\\n\\\"reversedBy\\\":null,\\n\\\"fees\\\":0,\\n\\\"feesDest\\\":null,\\n\\\"metadata\\\":{\\\"Description\\\":\\\"Pending: Transfer of $3413.52 to contact:CO-DGNTXYUUT4X\\\",\\\"transferId\\\":\\\"TF-QP334XYFC44\\\"},\\n\\\"tags\\\":[],\\n\\\"sourceFees\\\":null,\\n\\\"destFees\\\":null}\",\n      \"language\": \"json\",\n      \"name\": null\n    }\n  ]\n}\n[/block]\n## Callback Acceptance and Retries\nYour system should respond to the callback request with a 200 response. We only attempt to send the request once, but we may introduce automatic retries in the future. We can manually resent callbacks upon request.\n\n## Security\nIn order to prevent callback spoofing we provide a signature with the callback passed back through the HTTP header ```X-API-Signature```.\n\nThis signature is a SHA256 HMAC signature of the JSON body signed with the account's *first* secret key. Below you can find example implementations of the signature.\n\n***Note:*** It's important to verify the signature in the callback, otherwise it is possible for the request to be spoofed by an external attacker.\n\n\n[block:api-header]\n{\n  \"type\": \"basic\",\n  \"title\": \"Example\"\n}\n[/block]\nThis example server-side code shows how to receive and verify a Wyre MassPay transfer callback\n[block:code]\n{\n  \"codes\": [\n    {\n      \"code\": \"<?php\\n\\t\\t//we need the acccount's first secret key to calculate the HMAC\\n\\t\\t$secret_key = \\\"my_secret_key\\\";\\n\\n\\t\\t//Retrieve data from server and parse it\\n    $sig = $_SERVER['HTTP_X_API_SIGNATURE'];\\n\\t\\t$body = file_get_contents('php://input');\\n\\t\\t$json = json_decode($body, True);\\n\\t\\t\\n\\t\\t//recreate signature of request body and compare to received signature\\n\\t\\t$hmac = hash_hmac('sha256', $body, $secret_key);\\n\\n\\t\\tif ($hmac == $sig){\\n      //valid snapcard message\\n      $transfer_status = $json['STATUS'];\\n    }else{\\n     \\t//handle signature failure \\n    }\\n\\t\\t\\n?>\",\n      \"language\": \"php\",\n      \"name\": null\n    }\n  ]\n}\n[/block]","excerpt":"","slug":"callbacks","type":"basic","title":"Callbacks"}
[block:api-header] { "type": "basic", "title": "HTTP POST Callbacks" } [/block] Wyre sends HTTP POST callbacks notifications to update your system of transfer state transitions. All POST callbacks for a particular transfer are sent to the ```callbackUrl``` parameter provided at the time of transfer quote creation. ## State Changes POST callbacks are sent whenever the transfer goes through a state change. Be sure to check the status of the transfer before you take any actions. ## Payload We will POST the full JSON representation of the transfer to your to ```callbackUrl``` provided. [block:code] { "codes": [ { "code": "{\"createdAt\":1515616777388,\n\"id\":\"TF-QP334XYFC44-W\",\n\"source\":\"wallet:WA-GU8GTMLGVL6\",\n\"dest\":\"transfer:TF-QP334XYFC44\",\n\"currency\":\"USD\",\n\"amount\":3413.52,\n\"status\":\"CONFIRMED\",\n\"confirmedAt\":1515616777388,\n\"cancelledAt\":null,\n\"reversedAt\":null,\n\"message\":\"Withdrawal for transfer TF-QP334XYFC44\",\n\"allowOverdraft\":false,\n\"authorizer\":null,\n\"senderProvidedId\":null,\n\"reversedBy\":null,\n\"fees\":0,\n\"feesDest\":null,\n\"metadata\":{\"Description\":\"Pending: Transfer of $3413.52 to contact:CO-DGNTXYUUT4X\",\"transferId\":\"TF-QP334XYFC44\"},\n\"tags\":[],\n\"sourceFees\":null,\n\"destFees\":null}", "language": "json", "name": null } ] } [/block] ## Callback Acceptance and Retries Your system should respond to the callback request with a 200 response. We only attempt to send the request once, but we may introduce automatic retries in the future. We can manually resent callbacks upon request. ## Security In order to prevent callback spoofing we provide a signature with the callback passed back through the HTTP header ```X-API-Signature```. This signature is a SHA256 HMAC signature of the JSON body signed with the account's *first* secret key. Below you can find example implementations of the signature. ***Note:*** It's important to verify the signature in the callback, otherwise it is possible for the request to be spoofed by an external attacker. [block:api-header] { "type": "basic", "title": "Example" } [/block] This example server-side code shows how to receive and verify a Wyre MassPay transfer callback [block:code] { "codes": [ { "code": "<?php\n\t\t//we need the acccount's first secret key to calculate the HMAC\n\t\t$secret_key = \"my_secret_key\";\n\n\t\t//Retrieve data from server and parse it\n $sig = $_SERVER['HTTP_X_API_SIGNATURE'];\n\t\t$body = file_get_contents('php://input');\n\t\t$json = json_decode($body, True);\n\t\t\n\t\t//recreate signature of request body and compare to received signature\n\t\t$hmac = hash_hmac('sha256', $body, $secret_key);\n\n\t\tif ($hmac == $sig){\n //valid snapcard message\n $transfer_status = $json['STATUS'];\n }else{\n \t//handle signature failure \n }\n\t\t\n?>", "language": "php", "name": null } ] } [/block]