Webhooks

When a payment confirms, you can emit a signed payment.confirmed event to your backend.

Outbound (SDK signs)

const payments = new AutlanticPayments({
  webhookSecret: process.env.WEBHOOK_SECRET,
});

const out = await payments.confirmByTxHash(intent, txHash);
if (out.ok) {
  const signed = payments.signWebhook(out.event);
  // POST signed.body to your URL
  // Header: x-autlantic-signature: signed.signature
}

Inbound (your server verifies)

Always verify before trusting the body:

const ok = payments.verifyWebhook(rawBody, signatureHeader);
// or parse in one step:
const event = payments.parseWebhook(rawBody, signatureHeader);

Use the raw request body for verification. Do not re-serialize JSON.

Event shape

json

{
  "type": "payment.confirmed",
  "intentId": "pi_…",
  "merchantRef": "order_123",
  "txHash": "…",
  "amountUsdt": 20,
  "payToAddress": "T…",
  "blockTimestamp": 1700000000000,
  "observedAt": "2026-05-22T12:00:00.000Z"
}

Header: x-autlantic-signature (hex HMAC-SHA256 of raw body).

Test webhook flow

emitTestEvent({ scenario: "payment.confirmed", ... }) in sandbox
POST webhook.body to your endpoint with x-autlantic-signature
Handler calls payments.parseWebhook(rawBody, signature)

See Sandbox & testing.

Webhooks ​

Outbound (SDK signs) ​

Inbound (your server verifies) ​

Event shape ​

Test webhook flow ​

Webhooks

Outbound (SDK signs)

Inbound (your server verifies)

Event shape

Test webhook flow