Money In Operation — This webhook fires when a customer completes an e-wallet payment, transferring funds into your SingaPay account.
Information
| Method | Path | Format | Authentication |
|---|---|---|---|
| POST | https://your-webhook-url/callback | json | HMAC SHA512 Signature |
POST request to your configured transaction_notif_url when a customer completes payment via e-wallet native checkout.
This webhook may share a callback URL with other event types. See Shared webhook endpoints for routing by
event value.Request Details
Headers
| Field | Value | Type | Mandatory | Description |
|---|---|---|---|---|
Content-Type | application/json | Alphabetic | Yes | Specifies JSON format for the request body |
User-Agent | SingaPaymentGateway/1.0 | Alphabetic | Yes | Identifies the source of the webhook |
Accept | application/json | Alphabetic | Yes | Expected response format |
X-PARTNER-ID | — | Alphanumeric | Yes | Your API Key from the merchant dashboard |
X-Signature | — | Alphanumeric | Yes | HMAC SHA512 signature (128 chars) for request verification |
X-Timestamp | — | Numeric | Yes | Unix timestamp in seconds when the request was sent |
Authorization | Bearer <random_token> | Alphanumeric | Yes | System-generated random bearer token; used as a component in the signature |
The
Authorization token for e-wallet webhooks is a randomly generated string — not a user access token. This webhook is triggered by a payment notification (system event), not a user action. Extract the token as-is and use it in the string to sign. See How to Validate Signature below.Body Parameters
HTTP Status Code. Example:
200Indicates if the transaction was successful. Example:
trueEvent type identifier. Always
"ewallet-native-transaction" for this webhook.Event timestamp in format
"d M Y H:i:s". Example: "26 Dec 2025 13:35:45"Container for transaction, customer, and payment details.
Payload Example
Success
Security and responses
Return HTTP200 promptly after validating the request. For retry behavior, see Webhook retry mechanism.
Verify every webhook using Security and signature validation. Use your configured callback path when building StringToSign.
Handle duplicate deliveries idempotently using stable identifiers from the payload (for example transaction_id or reff_no).
E-Wallet Specific Notes
amount vs total_amount
amount vs total_amount
total_amount is the gross amount the customer paid. amount is the net amount after fees — this is what gets credited to your balance. Always use total_amount for display to the customer and amount for reconciliation.vendor_reference_no may be null
vendor_reference_no may be null
The
vendor_reference_no field may be null depending on the e-wallet provider’s API response. Always handle null gracefully in your code — don’t assume it’s always populated.Customer fields are optional
Customer fields are optional
All
customer fields (name, email, phone) are optional and depend on the data provided during checkout creation. Your handler should not assume any of these are present.Timestamp format & timezone
Timestamp format & timezone
Both
post_timestamp and processed_timestamp use the format "d M Y H:i:s" (e.g. "26 Dec 2025 13:35:45") in Asia/Jakarta (WIB) timezone — not UTC.