Money Out Operation — This webhook fires when funds are transferred from your SingaPay account to a beneficiary’s bank account.
Information
| Method | Path | Format | Authentication |
|---|---|---|---|
| POST | https://your-webhook-url/callback | json | HMAC SHA512 Signature |
POST request to your configured disbursement_notif_url when a disbursement transaction is successfully processed or fails.
This webhook may share a callback URL with other event types. See Shared webhook endpoints for routing by
event value.Request Details
Headers
| Field | Value | Type | Mandatory | Description |
|---|---|---|---|---|
Content-Type | application/json | Alphabetic | Yes | Specifies JSON format for the request body |
User-Agent | SingaPaymentGateway/1.0 | Alphabetic | Yes | Identifies the source of the webhook |
Accept | application/json | Alphabetic | Yes | Expected response format |
X-PARTNER-ID | — | Alphanumeric | Yes | Your API Key from the merchant dashboard |
X-Signature | — | Alphanumeric | Yes | HMAC SHA512 signature (128 chars) for request verification |
X-Timestamp | — | Numeric | Yes | Unix timestamp in seconds when the request was sent |
Authorization | Bearer <access_token> | Alphanumeric | Yes | JWT bearer token; also used as component in the signature |
All signature-related headers (
X-Signature, X-Timestamp, Authorization) are always included when your merchant account has API credentials configured. Extract the access token from the Authorization header and use it as-is in the string to sign. See How to Validate Signature below.Body Parameters
Response code. See Appendix 01 — Response Codes. Example:
SP000Human-readable response message. Example:
SuccessfullyTransaction type identifier. Always
"disbursement" for bank transfer. Use this to distinguish from "ewallet-topup" and "qris-issuer" on the shared URL.Response payload object.
Payload Examples
Security and responses
Return HTTP200 promptly after validating the request. For retry behavior, see Webhook retry mechanism.
Verify every webhook using Security and signature validation. Use your configured callback path when building StringToSign.
Handle duplicate deliveries idempotently using stable identifiers from the payload (for example transaction_id or reff_no).
Disbursement-Specific Notes
Idempotency
Eachreference_number can only be used once per account. If you retry with the same reference_number, you’ll receive the existing transaction status rather than creating a duplicate transfer.
Detecting Duplicate Webhooks
Timestamp Formats
| Field | Format | Example | Notes |
|---|---|---|---|
X-Timestamp header | Unix seconds | 1695711945 | Used for signature validation |
post_timestamp (body) | Unix milliseconds | 1762339215000 | Divide by 1000 to convert |
processed_timestamp (body) | Unix milliseconds | 1762339215672 | Empty string if transaction failed |
Converting millisecond timestamps
Balance Reconciliation
Thebalance_after field shows your account balance after each transaction. For failed transactions, both currency and value are null — no balance change occurred.
Balance Consistency Check
Appendix
01: Response Codes
| Code | Message | Description | Action |
|---|---|---|---|
SP000 | Successfully | Success | Check inquiry status |
SP001 | Transaction Failure | Failed transaction | Check inquiry status |
SP002 | General Failure | Internal server error | Check inquiry status |
SP003 | Insufficient Balance | Account balance too low | Check inquiry status |
SP004 | Duplicate Reference Number | Reference already used | — |
SP005 | Timeout | Gateway timeout | Check inquiry status |
SP006 | Exceed Beneficiary Limit | Beneficiary amount limit reached | Check inquiry status |
SP007 | Exceed Account Limit | Account transaction limit reached | Contact IT Support |
SP008 | Invalid Reference Number | Reference does not exist | — |
SP009 | Transaction Not Found | Transaction not found | — |
SP010 | Beneficiary Account Not Found | Account not found | — |
SP011 | Beneficiary Vendor Not Active | Vendor not active | — |
SP012 | Bad Request | Bad request | — |
SP013 | Unauthorized | Unauthorized | — |
SP014 | Not Found | Not found | — |
SP015 | Forbidden | Forbidden | — |
SP016 | Signature Invalid | Signature invalid | — |
SP017 | Unauthorized IP | IP not authorized | Contact IT Support |
SP018 | Validation Error | Payload validation error | — |
SP019 | General Error | General error | Contact IT Support |
SP020 | Merchant Account Not Found | Merchant account not found | — |
02: Transaction Status
| Code | Status | Notes |
|---|---|---|
00 | Success | Transaction completed successfully |
01 | Initiated | Payment call not yet received; retry is possible |
02 | Paying | Pending/Suspect — retry status check in a few minutes; awaiting final callback |
03 | Pending | Pending/Suspect — retry status check in a few minutes; awaiting final callback |
04 | Refunded | Reversal transaction |
05 | Canceled | Create a new transaction |
06 | Failed | Transaction failed |
07 | Not Found | Create a new transaction |
