Production
  • Production
  • Sandbox
    Production
    • Production
    • Sandbox
    • Getting Started
    • Account Setup
    • Webhook
    • Idempotent Requests
    • Authentication
      • Authentication
      • Get Token
        POST
    • Account Management
      • Get Balance
        GET
      • Internal Transfer
        POST
      • Get Internal Transfer
        GET
      • Intra Account Sweep
        POST
    • Fiat Payment
      • Fiat Deposit
        • Get Fiat Deposit Detail
        • Get Fiat Deposit History
        • Fiat Deposit Webhook
      • Fiat Withdrawal
        • Create Fiat Withdrawal
        • Get Fiat Withdrawal Detail
        • Get Fiat Withdrawal History
        • Get List of Currencies that Supports Same-Name Withdrawal
        • Fiat Withdrawal Webhook
      • Account Management
        • Create Fiat Account Application
        • Get Fiat Account Application Status
        • Get Deposit Bank Account
        • Fiat Account Application Status Webhook
    • Address Book
      • Add Bank Account
        POST
      • Get Bank Accounts
        GET
    • Merchant Management
      • Create Merchant
      • Get Merchant
      • Merchant Status Webhook
    • Conversion
      • Create Quotation
      • Create Conversion
      • Get Quotation
      • Get Conversion
      • Conversion Webhook
    • Crypto Payment
      • Crypto Checkout
        • Create Crypto Checkout
        • Create Crypto Checkout Link
        • Crypto Checkout Wallet Connection
        • Generate POS Payment Request
        • Close Crypto Checkout
        • Get Convertible Cryptos
        • Get Crypto Checkout
        • Get Crypto Checkout Link
        • Get Crypto Checkout Currencies
        • Crypto Checkout Webhook
      • Crypto Deposit
        • Update Crypto Deposit Travel Rule Info
        • Get Crypto Deposit Wallet
        • Get Crypto Deposit
        • Get Crypto Deposit History
        • Crypto Deposit Webhook
      • Crypto Withdrawal
        • Register Wallet Address
        • Remove Wallet Address
        • Create Crypto Withdrawal
        • Get Wallet Address
        • Get Crypto Withdrawal
        • Get Crypto Withdrawal History
        • Crypto Withdrawal Webhook
      • Crypto Collection
        • Buyer Management
          • Create Buyer
          • Get Buyer
          • Update Buyer
          • Buyer Status Webhook
        • Create Collection Wallet
        • Update Collection Wallet
        • Get Collection Wallet
        • Get Crypto Collection
        • Crypto Collection Wallet Webhook
        • Crypto Collection Webhook
        • Update Co-KYT status
      • Crypto Refund
        • Create Crypto Refund
        • Confirm Crypto Refund
        • Get Crypto Refund
        • Crypto Refund Webhook
      • Currency & Blockchain
        • Get Supported Blockchains
    • Tools
      • Upload File
        POST
    • Release Note
      • Version 1.0 Release Note
      • Version 1.0.1 Release Note
      • Version 1.0.2 Release Note
      • Version 1.0.3 Release Note
      • Version 1.0.4 Release Note
    • Deprecated APIs
      • (Deprecated)Withdrawal
        • Create Withdrawal Request
        • Get Withdrawal Detail
        • Get Withdrawal History
        • Create Third Party Withdrawal Request
        • Withdrawal Status Webhook
      • (Deprecated)Deposit
        • Get Deposit Detail
        • (Deprecated)Get Deposit Bank Account
        • Get Deposit Wallet
        • Get Deposit History
        • Deposit Status Webhook
      • (Deprecated) Payment
        • Payment Request Webhook
        • Create Payment Request
        • Get Payment Request
        • Get List of Supported Currencies for Payment Link Generation
        • Get Payment Wallet Address
      • (Deprecated) OTC Trading
        • (Deprecated)Get Quote
        • OTC Trading Status Webhook
        • (Deprecated)Create OTC Trading
        • (Deprecated)Get Trade Detail
        • (Deprecated)Get Trade History
      • (Deprecated) Account Management
        • (Deprecated) Get Balance
        • (deprecated) Get Statement
        • (Deprecated) Internal Transfer
      • (Deprecated) Address Book
        • (Deprecated)Add Bank Account
        • (Deprecated)Get Bank Accounts
      • (Deprecated) Merchant Management
        • (Deprecated)Create End User Account

    Webhook

    Introduction#

    You can configure webhooks to monitor events on your account, enabling your system to receive notifications.
    CAMP relies on webhooks to notify you whenever an event occurred on your account, such as the completion of transactions. This is useful for handling asynchronous operation in real time.
    To use webhooks with your CAMP integration:
    1.
    Create a webhook endpoint in your system.
    2.
    Configure the webhook endpoint on the API Integration page. For details, please refer to the Account Setup page.
    3.
    Simulate an event to test your webhook endpoint.
    4.
    Implement validation of webhook signatures. (Optional)

    Webhook Retry Logic#

    To acknowledge receipt of an event, your endpoint must return a 2xx HTTP status code to CAMP and the response format should be application/json. Otherwise CAMP will assume the event was not received and it will retry the webhook for up to 24 hours using an exponential backoff strategy.

    Webhook Verification#

    About verifying webhook#

    Once your system is configured to receive payloads, it will listen for any delivery that is sent to the configured endpoint. To ensure that your system only processess webhook deliveries that were sent by CAMP and ensure that the delivery was not tampered, you should verify the webhook signature before processing them.

    To verify webhook signature#

    There will be X-Signature header included in all webhooks that contains a timestamp and a signature that you need to verify. The timestamp has a t= prefix, and signature has a v0= prefix.
    X-Signature: 
t=1758867971711,
v0=b2468f1bc285eb64be242ee6d02e3c959dfb61482abe47ddb50da4b6be55997e

    Steps to verify webhook signature#

    Step 1: Get the webhook secret#

    Login CAMP platform, and get the Webhook Secret in the API Integration page.
    image.png

    Step 2: Extract timestamp and signature#

    Split the header using , character as the delimiter and get the values for timestamp t and signature v0.

    Step 3: Prepare the to_sign_message string#

    Sort the entire content of the webhook (including eventType, notificationId, and data) alphabetically, then concatenate it with the timestamp t using an underscore _, forming a Alphabetically Sorted Data_Timestamp structure for subsequent encryption.

    Step 4: Compute the expected signature#

    Use the secret key as private key and use hash-based message authentication code (HMAC) with SHA-256 algorithm to encrypt the data_timestamp to generate the expected signature.

    Step 5: Compare the signature#

    Compare the signature in the webhook request payload with the expected signature.

    Preventing replay attacks#

    To prevent replay attacks, you may like to check the timestamp t against the current time and reject events that are too old. It is recommended to have a tolerance of 3 minutes between the timestamp and current time.

    Sample Code#

    JSON Property Ordering Rules#

    Modified at 2026-01-26 02:04:55
    Previous
    Account Setup
    Next
    Idempotent Requests
    Built with