Receiving an event

To receive an event, you need to create an unauthenticated POST endpoint in your application. The event object is sent as JSON in the request body. 
// Using Express
app.post("/my/webhook/url", function(req, res) {
    // Retrieve the request body
    const eventType = req.body.event;
    const eventData = req.body.data;
    // Do something with event
    res.sendStatus(200);
});

Supported events

Verifying event source

Every event dispatched by Partna includes a signature property within the payload. The value of this property represents an HMAC SHA256 signature of the event payload, which has been signed using our RSA private key.

Public keys for event data verification

Collect & Onramp

To verify the signature using our RSA public key, follow the steps below: 
import crypto from 'crypto';

const verfyVentogramEvent = (payload: string, signature: string) => {
  res.sendStatus(200);
  const ventogramEventPublicKey = config.ventogramEventPublicKey;

  return crypto.verify(
    'sha256',
    Buffer.from(payload),
    {
      key: ventogramEventPublicKey,
      padding: crypto.constants.RSA_PKCS1_PSS_PADDING,
    },
    Buffer.from(signature, 'base64')
  );
}

const ventogramEventHandler = async (req, res) => {
  const isSignatureValid = verfyVentogramEvent(JSON.stringify(req.body.data), req.body.signature);
  if (!isSignatureValid) {
    return;
  }
  // ... other processing goes here
}

Payout & Offramp

To verify the signature using our RSA public key, follow the steps below: 
import crypto from 'crypto';

const verfyCoinprofileEvent = (payload: string, signature: string) => {
  const publicKey = config.coinprofileEventPublicKey;

  return crypto.verify(
    'sha256',
    Buffer.from(payload),
    {
      key: publicKey,
      padding: crypto.constants.RSA_PKCS1_PSS_PADDING,
    },
    Buffer.from(signature, 'base64')
  );
}

const coinprofileEventHandler = async (req, res) => {
  res.sendStatus(200);
  const isSignatureValid = verfyCoinprofileEvent(JSON.stringify(req.body.data), req.body.signature);
  if (!isSignatureValid) {
    return;
  }
  // ... other processing goes here
}