Webhook Documentation - PixIn

The PixIn webhook is used for notifications related to incoming PIX transactions.

Payload Format

{
  "id": "string",
  "order_id": "string",
  "amount": 0,
  "external_ref": "string",
  "mode": "deposit",
  "payment_method": "string",
  "payment_status": "string",
  "receiver_name": "string",
  "receiver_document": "string",
  "payer_name": "string",
  "payer_document": "string",
  "payer_bank_name": "string",
  "end_to_end": "string",
  "pix_key": "string",
  "fail_reason": "string",
  "created_at": "string",
  "updated_at": "string"
}

Usage Example

This webhook can be configured to trigger when a PIX payment is received. It will send the information in the format above to the URL configured in your system.

Signature Verification

In order to ensure the authenticity of the data sent via the webhook, each request is signed using an RSA private key. The signature is included in the X-Signature header of the request. To verify the integrity and authenticity of the data, you can use the corresponding public key to validate the signature.

How to Verify the Signature

To verify the signature, follow these steps:

1. Retrieve the X-Signature header from the incoming request. This contains the signature of the body content.
2. Obtain the public key, which is required to verify the signature.
3. Use the public key and the request body (as a JSON string) to verify that the signature matches.

Obtaining the Public Key

To obtain the public key required for signature verification, please contact our support team. You can reach us through the following communication channels:

• Email: suporte@finpag.com

Once you contact support, they will provide you with the public key, which you can use to validate the authenticity of incoming webhook requests.