API Reference

Webhooks

Setting up a Webhook will enable you to get notified of deposits and withdrawals as they happen in your workspace.

To add a webhook please refer to the steps mentioned below. Once your Webhook is configured, you will start receiving HTTP POST callbacks to your client application.

Webhook Event (example)

{
  "id": "string",
  "sub_account": {
    "id": "string",
    "title": "Main Account"
  },
  "type": "Withdraw",
  "asset": "USDT_TRX",
  "amount": 24132.32,
  "amount_in_usd": 24130,
  "network_fee": 27.29748,
  "nett": -24159.61748,
  "fees": {
    "sweep_fee": 0,
    "refill_fee": 0,
    "withdrawal_fee": 27.29748
  },
  "hash": "string",
  "source_type": "Internal",
  "source_id": "string",
  "source_alias": "Omnibus Wallet",
  "dest_type": "External",
  "dest_id": "string",
  "dest_alias": null,
  "dest_outputs": [],
  "memo": "832",
  "sequence_id": null,
  "created_on_utc": "2024-11-26T23:43:30Z",
  "created_timestamp_utc": 1732664610,
  "status": "Success",
  "confirmations": {
    "required": 3,
    "actual": 17
  },
  "explorer_url": "https://tronscan.org/#/transaction/000",
  "last_updated_on_utc": "2024-11-26T23:45:51.092536Z",
  "last_updated_timestamp_utc": 1732664751,
  "tx_key": null,
  "failure_reason": null,
  "approvals": null,
  "aml": {
    "cid": "string",
    "risk_score": null,
    "ca_payload": null
  },
  "created_by": {
    "name": "username-string",
    "email": null
  },
  "cancelled_by": null
}

Add a webhook

  1. Visit https://finrock.io/webhooks
  2. Type your URL (e.g. https://yourbackend.com/webhook) and click + button to add a new webhook URL

Webhook Authentication (recommended)

A POST request to the URL(s) expects a 200 response. If no response is received, we will resend the request at most 5 times with increasing delay between each attempt, the retry attempts will be taken after [30, 60, 90, 120, 180] seconds.

All events will be sent with an x-signature header containing an RSA-SHA512 signature of the Webhook payload. Your client application should verify the signature using our WEBHOOK_PUBLIC_KEY, which is appended below.

-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDZp06RxNzqjDAv1gxpvCkdIOnO
BfBN12P5vWN/1pO6RQf5IYzHd6ucO+DdLUuYnVRpWOkC+GGqbeyumdlKmqeiSplZ
cwu9ejAxRPw1xoGbm159tOYCgQaStF7w3TYsbaK7TVPDY50evtMV5IbAowgpmAkk
fbEIgAVEf7uDIGU6LwIDAQAB
-----END PUBLIC KEY-----

How to validate the request

const crypto = require("crypto");

var jsonPayload = 'WEBHOOK_JSON_BODY';
var signature = 'WEBHOOK_HEADER_X-SIGNATURE';
var publicKey = 'WEBHOOK_PUBLIC_KEY';

const isVerified = crypto.verify(
    "SHA512",
    Buffer.from(jsonPayload, "utf8"),
    {
        key: publicKey,
        padding: crypto.constants.RSA_PKCS1_PADDING,
    },
    Buffer.from(signature, "base64")
);

// isVerified should be `true` if the signature is valid
console.log("signature verified: ", isVerified);