1. Webhook
Lesspay2.0
  • LESSPAY2 API Reference
    • Get started
    • Authentication
    • Parameter Specifications
    • Pay In
      • Overview
      • Development Guidelines
      • Local Payment Methods (LPMs)
      • Error Codes
      • Card payment
        • Card Payment
        • 3D Secure (3DS) Configuration
        • Fraud & Dispute Webhook Notifications
      • API List
        • Create Payin
        • Fetch Payin
      • Webhook
        • Payin webhook
    • Pay Out
      • Overview
      • Development Guidelines
      • Multiple Transfer Methods
      • Error Codes
      • API List
        • Create Payout
        • Payout Supported Banks
        • Fetch Payout
      • Webhook
        • Payout webhook
  1. Webhook

Payin webhook

Callback notifications (Webhooks) allow your system to receive real-time updates about transaction status changes (e.g., when a user completes a payment).

1. Configuration Sources#

The Callback URL (notify_url) can be configured in two ways. The system prioritizes the URL provided in the API request if both are present.
1.
Merchant Dashboard (Static):
When onboarding, provide your default notify_url to the Lesspay Product Operations team to register it with your APPID.
This URL is used as a fallback if no URL is provided in the API request.
2.
API Parameter (Dynamic):
You can specify a notify_url parameter in the Create Order API (/api/global/v1/pay/create-order).
This allows you to set different callback URLs for specific transactions or environments.

2. Webhook Authentication#

To ensure that the webhook is sent by Lesspay and has not been tampered with, you must verify the signature included in the request header.

Signature Mechanism#

Header Field: x-auth-signature
Algorithm: SHA256 (Uppercase)
Key: Your appSecret

Verification Steps#

1.
Collect Parameters: specific fields from the webhook JSON body (excluding empty values).
2.
Sort: Sort the parameters by key in ASCII order.
3.
Concatenate: Format them as key=value and join with & (e.g., amount=100&currency=USD).
4.
Append Key: Append &key=YOUR_APP_SECRET to the string.
5.
Hash: Calculate the SHA256 hash of the final string.
6.
Compare: Convert the hash to Uppercase and compare it with the x-auth-signature header.

3. Notification Parameters#

The webhook payload contains the following fields:
Field NameTypeLocationDescription
request_idStringBodyMerchant's unique Request ID
pay_order_idStringBodyLesspay's unique Order ID
order_statusStringBodyOrder status string (e.g., SUCCEED, FAILED)
order_status_intIntegerBodyOrder status (numeric)
target_currencyStringBodyTransaction Currency
target_amountStringBodyTransaction Amount
product_nameStringBodyProduct name
descriptionStringBodyOrder description
fail_urlStringBodyFailure redirect URL
success_urlStringBodySuccess redirect URL
complete_timeStringBodyTransaction completion time
error_codeStringBodyError code (if failed)
error_msgStringBodyError message (if failed)
api_versionStringBodyAPI Version
channel_biz_dataObjectBodyAdditional channel parameters

4. Examples#

Data Format Example (POST JSON)#

{
    "target_amount": "0.001",
    "target_currency": "ETH",
    "description": "Recharge_Order",
    "product_name": "Recharge_Order",
    "pay_order_id": "RO315733288037646399",
    "fail_url": "https://example.com/fail",
    "success_url": "https://example.com/success",
    "order_status_int": 0,
    "order_status": "SUCCEED",
    "request_id": "3233",
    "channel_biz_data": {
        "riskLevel": 3
    }
}

Callback Receiving Code Example (Java)#

Modified at 2025-12-19 04:45:11
Previous
Fetch Payin
Next
Overview
Built with