'/%3e%3cdefs%3e%3cpattern%20id='pattern0_2104_4598'%20patternContentUnits='objectBoundingBox'%20width='1'%20height='1'%3e%3cuse%20xlink:href='%23image0_2104_4598'%20transform='matrix(0.00376176%200%200%200.0172414%20-0.00219436%200)'/%3e%3c/pattern%3e%3cimage%20id='image0_2104_4598'%20width='267'%20height='58'%20preserveAspectRatio='none'%20xlink:href='data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAQsAAAA6CAMAAACQ2ozcAAAAM1BMVEVMaXH////////////////////////////////////////////////////////////////x7/yuAAAAEHRSTlMAoDDgEPBgwIBAINCwkHBQDIOTDwAAAAlwSFlzAAFxGAABcRgB7MGwCAAABm1JREFUaIHlW+uWsyoMLSIIeH3/pz0CKrmgQuusdn0nf2YaMW42kISgr1cQK+SySj+61/9cmm45RLTfRvNV0WoBIptv4/mi6AWLuiVDd0lKmLPGGPsA0nelGG8TZoXU69poTPi/v1smBjB338dZxvk218B/VIrxBl8hth9t73+Zp2x7SdNuLMX+tJTitZCKjQx1MzFquLBVc+hvpBSv8NMX/Hb+Bv2MbS8DaNsVYn9aSvFK2nWB5slHtr0sUL4Ur0vx+usowdL3A1jBhUVcfGmR1HCBFPbvuWhskvuefC4/wkWbWyMgzV2ub39GarhA+cf0KBevHrTdffSvcuGxonzCA73JBGq4gFnt7qN/lYtxwflEWOA3KWJVriWOpkd0+lUuQj6Rsu6QkcuL9jW2o4xbyzTZfpWLOG79FlatgnP5Y9tRnFn3RAYE7p/loo1bJ6GtnSLIYbuwRrz8rq6SCyY/y8W2UU0SFkw7xQCghszN/y4Xr0ZCKjpPxQz46Vjdj9pupiHUBsxclmRXcOG0CKZHfVV9dHqM1QmRrZNU4IVN15kwQ98fNHSlYNsaUsmmEUw899gNuQCck2ur17KwZXcypM6gsVSCtSN4YcozzLmWqtvbNCPRUDKgbU07RiC/z8XgmOnMtHNiYUJZu8Tbg8YW3B6HOK6PwRPQRo1sT21nBGVq73OxKNaElx8n3iiAR4CL8YbOHlH0YHnXtAL2osg2Gr8PuMgIIaPNTIooqIJdijfkyFO6b6u9gBTDo1M1PKOK6bNcYCBtf9Gwqcc7LHgr1qqFaHil69Y2KAY9zMWe/Ny3BWSU4vVdZ3UtvCHxGuQD7m2nmfY0FyBBGK8bJidXitf/gxbA7DVQwStdBbbVng48zsUxMexdy7EWr/8H9dw/QjJNLRfHKnmci2Pk5G1LW4nX/2U9x5p5eYOLvYj6PBfb+qXHfacWy/H6P6yuhavBfl1Cl0VtK7MaaGcS30wZF6ny2WS4kD71ttjyZgXHEDk5j4Ew2dTh9SbREYCEqA/NBBXY9pHX4E2eLOPiRQT1RsDAv0sc7QZhOHowIwxjHd4wDcDEmCJ1jmjQREG2werBxt3HXKRIwE+cEAYwmMijygze/hxvrq6FNJp0mNp2Zxf0x1ykWD8zLmA7lIChqe+u8U4Eb2goLbjYSaCJdnDqC20jR4JOAMzHXADYjAs4pCj5QYvH3uCFVjy66IR6Y8zoSfDlPr1rhEKdyHCB64GwJ8PHXAA144L3eBcYaw3DixwfW3skqw+GcUpHj1fP60TwSveXXKDRP7fAubjBi2bKwnrAT5p/gAsEEFuA41jNBQ60YZEip8Lq4r/NBexOLRfbvX0XfGZY5i5uVjcNOzs6tz0S23/GhYNctKcWKrmI4Sq+2BlebpRm9FSY8IRYcVTndS3si6DrEX/JBfKdeKjgitcMLw4DxNf7oVcHW/viSLt/kfqV46KHF9BofR5Tr7iA0QKhg6lIJqZe4Q3hExAroJEgIe6c17XgpEOeZy7ighatS7mA0RDlTyiJr8Obr2sJqjmva4H1g7eObREXNEiVcoGeBWqKuXy7FG9kBEhwfyjPZG9wkQOVfJlgS/Bu9+wbyy5z7YoLNL2XfgNMisFTBd6+qH5xW9fqjbV6JLUVfc4FzuS6yVoz3Lyzw7jAi2SlfrWiBTkhaOvwZrnomaa6lrNPxRwX2ft1JRe3Jb40mUvxkmc+Vtcy0NyFjgIv5oJOjEz39nVXitf/Rb6c+4txufQXWTkqpjkuXrnDLlnLhcsfmSU5Up9SvP7ZvK7F4shFXSsrB5lZLrLHXbzGd80FziS4pN15Kd6QXIGJYUhftolyXtfKSgrBWS5c7p6plguyayJyFmcv8IZRT1nmHnKJ5jzvzAoormS5yFoYqrm4AgI//LjFu3cvkKvioLQp2qlIlQseSuEXQYDt7JqFiVmei+wqqeeCfBIFewcT5XK80R+rwZgNx/F60qEhm3Zgu+HHuxK54hMucmTYei5e7B2NCD37hknAy9tDvPS0WjDNef1iTUQMploZvKc942L/3Aj0sXmDi9UOGw0KoQovzAPD2miRhr35mr7fCo3BO0K9pq/ONOBbL03NpIfIcXNQI2gP2gIteym5gSmkGvgbmRd4J/aqj93zFiUc1VCSc+K0WWWytd+HtHZ678YTQ2Yu+4jSzVePbcNVe6n51+U/wZKesx3N5aEAAAAASUVORK5CYII='/%3e%3c/defs%3e%3c/svg%3e)
Webhooks
Learn how to listen for transactions that happen on your account
A webhook is a URL on your server where we send payloads for transaction events. For example, if you implement webhooks, we will immediately notify your server with a btc.lightning.received.success event Once a lightning payment is received. Whenever you receive a webhook notification from us, return a 200 OK to avoid resending the same event again from our server.
Verifying Events
Verifying that these events come from Bitnob is necessary to avoid creating transactions due to a fraudulent event.
To verify events, validate the x-bitnob-signature header sent with the event. The HMAC SHA512 signature is the event payload signed with your secret key.
Notification Retries
When posting notifications, we expect to receive a 200 response code from you. If the response code is not 200, we retry sending the event 3 times after the first failure.
This way, whenever you experience downtime on your end, your updates will still be sent.
Don't rely on webhooks entirely
We recommend that you set up a service to always query transactions, in the event that webhooks keep failing.
Testing Webhooks
Since notifications must always be available on a publicly accessible URL, you are likely to run into issues while starting to build your application in a local environment. You can easily get around this by using a tool like ngrok or localtunnel
Create a tunnel, and update the new webhook URL setting on your dashboard. Only do this in your test environment to avoid leaking data to the public.
Virtual Cards Webhooks
Virtual card webhooks are fired when a customers perform any virtual card action.
Virtual Card creation failed
This is a webhook that is fired when virtual card creation fails
The specific webhook event type triggered. For example, 'virtualcard.created.failed' indicates a failed attempt to create a virtual card.
Unique identifier for the failed virtual card creation attempt. Useful for referencing the failed transaction in logs or support cases.
Detailed message describing why the virtual card creation failed. Often used for debugging or notifying the user about the issue.
The unique identifier of the company that initiated the virtual card creation request.
A unique identifier for the specific card creation request. This can be used to cross-reference requests in internal systems.
Virtual Card creation successful
This is a webhook that is fired when virtual card creation is successful
Type of webhook event. Indicates the creation of a virtual card was successful. This helps identify the nature of the action that triggered the webhook.
The unique identifier of the newly created virtual card. This ID can be used to retrieve card details, track card-related activities, or reference the card in support tickets and internal systems.
Current status of the virtual card. Typically 'active' if successfully created. This indicates whether the card is ready for transactions or needs further activation steps.
The UUID of the company associated with the newly created card. It links the virtual card to the specific organization that initiated the creation request.
Unique reference string used to identify the card creation request. It can be used for deduplication, auditing, reconciliation, and tracking purposes across systems.
Status of the creation process. Should be 'success' if the card was created without issues. This field provides a final confirmation of the card generation outcome and can be used to validate the process.
Virtual Cards Top
Virtual Card Top-up Success
This is a webhook that is fired when a virtual card top-up is successful
Webhook event type. This event indicates that a virtual card was successfully topped up. It is useful for identifying the nature of the transaction and triggering downstream actions.
Unique identifier for the top-up transaction. This can be used to reference the transaction in your database, audit logs, or support queries.
The amount that was credited to the virtual card. This value is typically in the card’s currency and reflects the exact top-up amount.
The unique identifier of the virtual card that was topped up. This allows you to associate the transaction with the correct card and user account.
Status of the top-up transaction. Expected value: 'success'. Helps confirm that the transaction was completed and funds are available.
The UUID of the company that owns the virtual card. Useful for identifying which organization's card was involved in the top-up.
A brief description or note for the top-up transaction. This may include the purpose of the top-up or additional metadata for internal reporting.
A unique reference ID used to trace the top-up event. Helpful for reconciling transactions and resolving issues if they arise.
Virtual Card Top-up Failed
This is a webhook that is fired when a virtual card top-up fails
The response is identical to that of Virtual Card Top-up Success. Refer to the Virtual Card Top-up Success section for field explanations.
Virtual Cards Withdrawal
Virtual Card Withdrawal Success
This webhook is fired when a withdrawal on a virtual card succeeds.
Webhook event type indicating a successful virtual card withdrawal (virtualcard.withdrawal.success). This is useful for filtering or routing webhook handling logic.
Overall status of the withdrawal transaction. Expected value is 'success', confirming the operation completed without errors.
Unique identifier of the virtual card from which funds were withdrawn. This helps identify the specific card affected by the transaction.
Unique identifier for this withdrawal transaction. It can be used for transaction lookup, reconciliation, and auditing.
UUID of the company that owns the virtual card. This helps associate the withdrawal with the correct organizational context.
Amount of money that was successfully withdrawn from the virtual card. This reflects the debit value for the transaction.
Unique reference ID used to trace or correlate the withdrawal event across systems and logs.
A brief note, description, or purpose for the withdrawal. It can aid in reporting or user-facing transaction histories.
Indicates whether the virtual card was terminated following the withdrawal. A value of 'false' means the card is still active.
Virtual Card Withdrawal Failed
This webhook is fired when a withdrawal on a virtual card fails.
The response is identical to that of Virtual Card Withdrawal Success. Refer to the Virtual Card Withdrawal Success section for field explanations.
Virtual Cards Transaction
Virtual Card Transaction - Debit
This webhook is fired when there is a debit transaction on a virtual card.
The webhook event type for a debit transaction. This helps you identify and route this webhook (e.g., 'virtualcard.transaction.debit').
The unique identifier of the debit transaction. Useful for reconciliation and tracking in transaction history.
The amount of money that was debited from the virtual card as part of this transaction.
The unique identifier of the virtual card that was charged in this debit transaction.
The explanation or note regarding the debit transaction, if any. May be null if no specific reason is provided.
The outcome of the transaction. Typically 'success', but may vary depending on processing results.
The unique identifier of the company that owns the virtual card associated with this transaction.
A human-readable description of the transaction, often including the merchant or payment processor name.
A unique reference string assigned to this transaction. It can be used to trace or query the transaction across systems.
Virtual Card Withdrawal - Failed
This webhook is fired when a virtual card withdrawal fails.
The webhook event type for a failed withdrawal. Example: 'virtualcard.withdrawal.failed'. This helps identify the nature of the webhook event.
The unique identifier for the specific withdrawal attempt. Useful for transaction logging and debugging.
The amount that was attempted to be withdrawn from the virtual card. This value was not successfully debited.
The identifier of the virtual card involved in the withdrawal attempt. Links the failed transaction to the card.
The status of the withdrawal transaction. Expected value for this event is 'failed'.
The UUID of the company that owns the virtual card. Helps map the transaction back to a specific business account.
A brief human-readable description of the transaction, such as the transaction purpose or source.
A unique reference string associated with this withdrawal transaction. Useful for reconciliation and tracking.
Indicates whether the card was terminated as a result of the failed withdrawal. 'false' means the card remains active.
Virtual Card Transaction - Reversed
This webhook is fired when there is a reversed transaction on a virtual card.
The webhook event type indicating that a previous debit transaction on a virtual card has been successfully reversed. Event value: 'virtualcard.transaction.reversed'.
The unique identifier for the reversal transaction. This ID helps trace the specific reversal event in your records.
The amount of money that was refunded back to the virtual card as part of the reversal.
The unique identifier of the virtual card involved in the reversed transaction.
An optional field that may include a short explanation or code detailing the cause of the reversal. Can be null if not provided.
Indicates the outcome of the reversal process. Expected value: 'success'.
The UUID of the company that owns or issued the virtual card involved in the reversal.
A human-readable description of the transaction. Typically includes the merchant name or reason for the original charge.
A unique reference identifier that ties this reversal transaction to the original debit or purchase transaction.
Virtual Card Transaction - Declined
This webhook is fired when a purchase attempt is declined.
The response is identical to that of Virtual Card Transaction - Reversed. Refer to the Virtual Card Transaction - Reversed section for field explanations.
Virtual Card Transaction Declined - Frozen
This webhook is triggered when a virtual card is frozen due to suspected fraud or insufficient funds during authorization.
The webhook event type indicating that a virtual card transaction was declined and the card was frozen as a result. Typically triggered for security reasons such as suspected fraud.
The unique identifier of the virtual card that was frozen due to the declined transaction. This ID allows you to track or take further action on the affected card.
A descriptive message explaining why the card was frozen. Example: 'Suspected Fraud' or 'Multiple failed attempts'.
The UUID of the company that owns or issued the virtual card. Useful for identifying which business account the frozen card belongs to.
A unique reference ID associated with the declined transaction that triggered the card freeze. It can be used for logging or auditing purposes.
Virtual Card Transaction Declined - Terminated
This webhook is triggered when a virtual card is permanently terminated due to multiple failed transactions from insufficient funds.
The webhook event type indicating that a virtual card transaction was declined and the card was frozen as a result. Typically triggered for security reasons such as suspected fraud.
The unique identifier of the virtual card that was frozen due to the declined transaction. This ID allows you to track or take further action on the affected card.
A descriptive message explaining why the card was frozen. Example: 'Suspected Fraud' or 'Multiple failed attempts'.
The UUID of the company that owns or issued the virtual card. Useful for identifying which business account the frozen card belongs to.
A unique reference ID associated with the declined transaction that triggered the card freeze. It can be used for logging or auditing purposes.
Balance available before the card was terminated.
Virtual Card Transaction Authorization Failed
This webhook is fired when a virtual card transaction fails during authorization due to insufficient funds.
The webhook event type for a failed authorization transaction. Indicates that a virtual card transaction could not be completed during the authorization phase.
Unique identifier for the failed authorization attempt. Useful for tracking and debugging.
The amount that was attempted during the failed authorization.
The unique ID of the virtual card used in the failed authorization attempt.
Explanation for why the authorization failed. Example: 'insufficient funds'.
The transaction status field. May still return 'success' for webhook delivery even if authorization failed.
Unique identifier of the company that owns the virtual card involved in the transaction.
Unique reference string to help trace the failed transaction in logs or support tickets.
Virtual Card Transaction Crossborder
This webhook is fired when a cross-border fee is charged to your USD wallet due to a virtual card transaction.
The webhook event type for a cross-border charge. Indicates that a fee was applied due to an international transaction.
The original amount of the transaction that triggered the cross-border charge. This is the actual purchase amount before fees.
The unique identifier of the virtual card used in the cross-border transaction.
The processing status of the cross-border charge (e.g., 'success' if the charge was applied successfully).
The unique ID of the company that owns the virtual card used in the transaction.
The merchant name or description associated with the transaction. This typically helps identify the vendor or service.
The specific amount deducted as a cross-border fee from the wallet or card.
Virtual Card Created Success
This webhook is fired when a virtual card is created successfully.
The webhook event name triggered when a virtual card is created successfully. Typically: 'virtualcard.created.success'.
The unique identifier assigned to the newly created virtual card. Useful for referencing and tracking the card.
The current operational status of the virtual card. Usually 'active' immediately after a successful creation.
The unique identifier of the company or organization that owns the newly created virtual card.
A unique string reference generated during the card creation process. Used for tracking and reconciliation.
The outcome of the card creation request. A value of 'success' indicates the card was issued without errors.
Virtual Card KYC Failed
This webhook is fired when a virtual card user's KYC is rejected.
The response is identical to that of Virtual Card KYC Success. Refer to the Virtual Card KYC Success section for field explanations.
Virtual Card Transaction Terminated Refund
This webhook is fired when a terminated virtual card transaction is refunded.
Webhook event name indicating that a refund was issued for a transaction on a terminated virtual card. Typically: 'virtualcard.transaction.terminated.refund'.
A unique identifier representing the refund transaction. Used for tracking and reconciliation.
The timestamp when the refund was processed, formatted in ISO 8601 (e.g., '2024-08-04T20:51:57.290Z').
The monetary amount refunded to the cardholder or company account. Represented as a string to maintain precision.
The unique identifier of the virtual card that was terminated and refunded.
An optional field that provides additional context on why the refund was issued. Can be null if no specific reason is recorded.
Indicates the final status of the refund process. Example: 'success'.
The UUID of the company that owns the terminated virtual card.
A short description or message associated with the refund transaction, providing context for the refund.
A unique reference code used to trace and audit the refund operation.
Virtual Card Transaction Verification
This webhook is triggered when a merchant initiates a zero-amount authorization to verify the virtual card is active.
Webhook event name indicating a card verification attempt. Value: 'virtualcard.transaction.verification'.
A unique identifier for the verification transaction.
The timestamp when the verification was processed.
The authorization amount. Typically '0' for verification checks.
The unique identifier of the virtual card being verified.
A message describing the result of the verification. Example: 'Card Account Successfully Verified'.
The status of the verification. Example: 'success'.
The UUID of the company that owns the virtual card.
A short description of the merchant or source that initiated the verification.
A unique reference code for the verification transaction.
Virtual Card Transaction Declined Charge
This webhook is triggered when a card receives an unsettled transaction or a reversed authorization.
Webhook event name indicating a declined charge on a virtual card. Value: 'virtualcard.transaction.declined.charge'.
A unique identifier for the declined charge transaction.
The monetary amount of the declined charge.
The unique identifier of the virtual card that received the declined charge.
The status of the event. Example: 'success'.
The UUID of the company that owns the virtual card.
A unique reference code for the declined charge transaction.
The number of declined charge violations recorded on this card.