Webhooks
Webhooks allow you to receive real-time notifications when an order status changes (e.g., from pending to success or failed).
Setup
- Go to Settings → Webhooks in your Reseller Dashboard
- Enter your webhook URL (must be HTTPS)
- Copy the Webhook Secret for signature verification
Payload
When an order status changes, we send a POST request to your webhook URL:
{
"event": "order.updated",
"data": {
"ref_id": "ORDER-001",
"product_sku": "ml-diamonds-86",
"customer_no": "123456789",
"status": "success",
"serial_number": "SN-ABC123XYZ",
"price": 16500,
"message": "Transaction successful",
"timestamp": "2026-03-28T10:30:00Z"
},
"signature": "webhook_signature_here"
}
Order Statuses
| Status | Description |
|---|
pending | Order received, waiting to be processed |
processing | Order is being processed by the provider |
success | Order completed successfully |
failed | Order failed — balance will be refunded |
Signature Verification
Verify the webhook signature to ensure the request is from IsiAja:
expected_signature = MD5(webhook_secret + ref_id + status)
const crypto = require('crypto');
function verifyWebhook(body, webhookSecret) {
const expected = crypto
.createHash('md5')
.update(webhookSecret + body.data.ref_id + body.data.status)
.digest('hex');
return expected === body.signature;
}
Response
Your webhook endpoint must respond with HTTP 200 within 10 seconds. If we don’t receive a 200, we’ll retry:
- Retry 1: After 1 minute
- Retry 2: After 5 minutes
- Retry 3: After 30 minutes
- Retry 4: After 2 hours
After 4 failed retries, the webhook is marked as failed. You can check and resend from the dashboard.
Always verify the webhook signature before processing. Never trust the payload without verification.
