v2.0 (Production)
    • v2.0 (Production)
    • v2.1 (Sandbox)
    • v2.0 (Sandbox)
    • v1.0 (Deprecated)
    • Getting Started
    • Account Setup
    • Webhook
    • Idempotent Requests
    • API Error Handling Guide
    • Authentication
      • Authentication
      • Get Token
        POST
    • Account Management
      • Get Balance
        GET
      • Internal Transfer
        POST
      • Get Internal Transfer
        GET
      • Get Settlement Statement
        GET
    • Merchant Management
      • [Recommended] Create Merchant
      • [Recommended] Get Merchant
      • [Recommended] Merchant Status Webhook
      • Merchant Status Webhook
    • Fiat Payment
      • Fiat Account Management
        • Get Fiat Account Capabilities
        • Create Fiat Account Request
        • Submit Additional Information for Fiat Account Request
        • Get Fiat Account Application Status
        • Fiat Account Request Status Webhook
        • Fiat Account Application Status Webhook
        • Add Bank Account
        • Get Bank Accounts
      • Fiat Deposit
        • Get Deposit Bank Account
        • Get Fiat Deposit Detail
        • Get Fiat Deposit History
        • Fiat Deposit Webhook
      • Fiat Withdrawal
        • Get Same Name Withdrawal Capabilities
        • Activate Same Name Withdrawal
        • Submit Additional Information for Activating Same Name Withdrawal
        • Activate Same Name Withdrawal Webhook
        • Create Fiat Withdrawal
        • Submit Additional Information for Fiat Withdrawal Request
        • Get Fiat Withdrawal Detail
        • Get Fiat Withdrawal History
        • Fiat Withdrawal Webhook
    • Crypto Payment
      • Crypto Checkout
        • Create Crypto Checkout
        • Create Crypto Checkout Link
        • Crypto Checkout Wallet Connection
        • Generate POS Payment Request
        • Close Crypto Checkout
        • Get Convertible Cryptos
        • Get Crypto Checkout
        • Get Crypto Checkout Link
        • Get Crypto Checkout Currencies
        • Crypto Checkout Webhook
      • Crypto Deposit
        • Update Crypto Deposit Travel Rule Info
        • Get Crypto Deposit Wallet
        • Get Crypto Deposit
        • Get Crypto Deposit History
        • Crypto Deposit Webhook
      • Crypto Withdrawal
        • Register Wallet Address
        • Remove Wallet Address
        • Create Crypto Withdrawal
        • Get Wallet Address
        • Get Crypto Withdrawal
        • Get Crypto Withdrawal History
        • Crypto Withdrawal Webhook
      • Crypto Collection
        • Buyer Management
          • Create Buyer
          • Get Buyer
          • Update Buyer
          • Buyer Status Webhook
        • Create Collection Wallet
        • Update Collection Wallet
        • Get Collection Wallet
        • Get Crypto Collection
        • Update Co-KYT status
        • Crypto Collection Wallet Webhook
        • Crypto Collection Webhook
      • Crypto Refund
        • Create Crypto Refund
        • Confirm Crypto Refund
        • Get Crypto Refund
        • Crypto Refund Webhook
      • Currency & Blockchain
        • Get Supported Blockchains
    • Conversion
      • Create Quotation
      • Create Conversion
      • Get Quotation
      • Get Conversion
      • Conversion Webhook
    • Tools
      • [Recommended] Upload File
        POST
      • [Deprecated] Upload File
        POST
      • getTnC
        GET
    • Release Note
      • Version 1.0 Release Note
      • Version 1.0.1 Release Note
      • Version 1.0.2 Release Note
      • Version 1.0.3 Release Note
      • Version 1.0.4 Release Note
    • Deprecated APIs
      • Deprecated
        • [Deprecated] Create Fiat Account Application(v1.0)
        • [Deprecated] Get Fiat Account Application Status(v1.0)
        • [Deprecated] Fiat Account Application Status Webhook(v1.0)
      • (Deprecated)Withdrawal
        • Create Withdrawal Request
        • Get Withdrawal Detail
        • Get Withdrawal History
        • Create Third Party Withdrawal Request
      • (Deprecated)Deposit
        • Get Deposit Detail
        • (Deprecated)Get Deposit Bank Account
        • Get Deposit Wallet
        • Get Deposit History
      • (Deprecated) Payment
        • Create Payment Request
        • Get Payment Request
        • Get List of Supported Currencies for Payment Link Generation
        • Get Payment Wallet Address
      • (Deprecated) OTC Trading
        • (Deprecated)Get Quote
        • (Deprecated)Create OTC Trading
        • (Deprecated)Get Trade Detail
        • (Deprecated)Get Trade History
      • (Deprecated) Account Management
        • (Deprecated) Get Balance
        • (deprecated) Get Statement
        • (Deprecated) Internal Transfer
      • (Deprecated) Address Book
        • (Deprecated)Add Bank Account
        • (Deprecated)Get Bank Accounts
      • (Deprecated) Merchant Management
        • (Deprecated)Create End User Account
      • Deprecated
        • [Deprecated] Get List of Currencies that Supports Same-Name Withdrawal
        • [Deprecated] Create Fiat Withdrawal(v1.0)
        • [Deprecated] Get Fiat Withdrawal Detail(v1.0)
        • [Deprecated] Get Fiat Withdrawal History(v1.0)
        • Fiat Withdrawal Webhook
      • Deprecated
        • [Deprecated] Create Merchant(v1.0)
        • [Deprecated] Get Merchant(v1.0)
        • [Deprecated] Merchant Status Webhook(v1.0)
      • (Deprecated) Intra Account Sweep

    Webhook

    Introduction#

    You can configure webhooks to monitor events on your account, enabling your system to receive notifications.
    CAMP relies on webhooks to notify you whenever an event occurred on your account, such as the completion of transactions. This is useful for handling asynchronous operation in real time.
    To use webhooks with your CAMP integration:
    1.
    Create a webhook endpoint in your system.
    2.
    Configure the webhook endpoint on the API Integration page. For details, please refer to the Account Setup page.
    3.
    Simulate an event to test your webhook endpoint.
    4.
    Implement validation of webhook signatures. (Optional)

    Webhook Retry Logic#

    To acknowledge receipt of an event, your endpoint must return a 2xx HTTP status code to CAMP and the response format should be application/json. Otherwise CAMP will assume the event was not received and it will retry the webhook for up to 24 hours using an exponential backoff strategy.

    Webhook Verification#

    About verifying webhook#

    Once your system is configured to receive payloads, it will listen for any delivery that is sent to the configured endpoint. To ensure that your system only processess webhook deliveries that were sent by CAMP and ensure that the delivery was not tampered, you should verify the webhook signature before processing them.

    To verify webhook signature#

    There will be X-Signature header included in all webhooks that contains a timestamp and a signature that you need to verify. The timestamp has a t= prefix, and signature has a v0= prefix.
    X-Signature: 
t=1758867971711,
v0=b2468f1bc285eb64be242ee6d02e3c959dfb61482abe47ddb50da4b6be55997e

    Steps to verify webhook signature#

    Step 1: Get the webhook secret#

    Login CAMP platform, and get the Webhook Secret in the API Integration page.
    image.png

    Step 2: Extract timestamp and signature#

    Split the header using , character as the delimiter and get the values for timestamp t and signature v0.

    Step 3: Prepare the to_sign_message string#

    Sort the entire content of the webhook (including eventType, notificationId, and data) alphabetically, then concatenate it with the timestamp t using an underscore _, forming a Alphabetically Sorted Data_Timestamp structure for subsequent encryption.

    Step 4: Compute the expected signature#

    Use the secret key as private key and use hash-based message authentication code (HMAC) with SHA-256 algorithm to encrypt the data_timestamp to generate the expected signature.

    Step 5: Compare the signature#

    Compare the signature in the webhook request payload with the expected signature.

    Preventing replay attacks#

    To prevent replay attacks, you may like to check the timestamp t against the current time and reject events that are too old. It is recommended to have a tolerance of 3 minutes between the timestamp and current time.

    Sample Code#

    JSON Property Ordering Rules#

    Modified at 2026-01-26 02:04:55
    Previous
    Account Setup
    Next
    Idempotent Requests
    Built with