Skip to content

Webhooks

BTC Direct can send webhook notifications to your server when events occur on orders and users. This allows your application to react to changes in real-time without polling the API.

To set up webhooks for your account, contact your account manager.

When an event occurs, BTC Direct sends an HTTP POST request to your configured webhook URL. The payload contains the event type and relevant data.

All webhooks include a SHA-256 HMAC signature for verification, generated using your partner secret.

A typical buy (fiat-to-coin) order goes through the following stages. The webhooks you receive depend on how far the order progresses:

flowchart TD
    order_created -->|payment received| order_paid
    order_created -->|expired or cancelled| order_payment_failed
    order_payment_failed --> order_cancelled
    order_paid --> order_sent
    order_paid -->|delivery fails| order_payment_delivery_failed
    order_sent --> order_completed
EventDescription
order_createdA new order has been created.
order_paidPayment for the order has been received.
order_completedThe order is fully completed. Crypto has been delivered (F2C) or fiat has been paid out (C2F).
order_sentPayment or crypto has been sent to the user.
order_cancelledThe order has been cancelled.
order_payment_failedThe payment attempt failed (expired or cancelled by user).
order_deposit_detectedA deposit has been detected on the blockchain (C2F orders).
order_deposit_confirmedA deposit has been confirmed on the blockchain (C2F orders).
order_payment_delivery_failedDelivery of the payment failed.
order_payment_chargebackA chargeback has been initiated on the payment.
flowchart TD
    user_created --> user_verified
    user_created -->|identifier linked| user_identifier_linked
    user_verified --> user_logged_in
    user_logged_in -->|identifier linked| user_identifier_linked
    user_verified -->|account disabled| user_disabled
EventDescription
user_createdA new user account has been created.
user_identifier_linkedA partner-supplied identifier has been linked to a user account. Sent only when linking succeeds, and echoes back your original (raw) identifier. Used in the encrypted user-identifier checkout flow.
user_verifiedThe user has completed identity verification (KYC).
user_disabledThe user account has been disabled.
user_logged_inThe user has logged in.

Each webhook request includes a signature header. Verify it by computing the SHA-256 HMAC of the request body using your partner secret and comparing it to the signature in the header.