Orbital delivers webhooks to the notification URL you configure for your application (for example in the Client Portal). Events are sent as HTTP POST requests to that URL so your integration can react in near real time.
Webhook Events
| Event | Description |
|---|---|
BeneficiaryCreated | A new beneficiary has been created |
BeneficiaryRemoved | A beneficiary has been deleted |
PaymentCreated | A new payment has been initiated |
PaymentCompleted | A payment has been successfully settled |
PaymentRejected | A payment has been rejected or failed |
PaymentInformationRequired | A payment requires additional information (e.g. payer details for Travel Rule) |
Webhook Signature Verification
All webhook requests include an X-Orbital-Signature header. Verify this signature to ensure the webhook originated from Orbital:
const crypto = require('crypto');
function verifyWebhookSignature(webhookSecret, webhookUrl, body, signature) {
const data = webhookSecret + webhookUrl + body;
const expectedSignature = crypto
.createHash('sha256')
.update(data)
.digest('base64');
return crypto.timingSafeEqual(
Buffer.from(signature),
Buffer.from(expectedSignature)
);
}Retry Policy
Failed webhook deliveries are automatically retried up to 4 times with exponential backoff.