Introduction

Generally, when you make a request to an API endpoint, you expect to get a near-immediate response. However, some requests may take a long time to process, which can lead to timeout errors. In order to prevent a timeout error, a pending response is returned. Since your records need to be updated with the final state of the request, you need to either:

  1. Make a request for an update (popularly known as polling) or,
  2. Listen to events by using a webhook URL.

Helpful Tip
We recommend that you use webhook to provide value to your customers over using callbacks or polling. With callbacks, we don’t have control over what happens on the customer’s end. Neither do you. Callbacks can fail if the network connection on a customer’s device fails or is weak or if the device goes off after a transaction.

Polling vs Webhooks

Polling requires making a GET request at regular intervals to get the final status of a request. For example, when you issue an address to a customer for deposits, you keep making a request for transactions linked to the address until you find one.

With webhooks, the resource server, Blockradar in this case, sends updates to your server when the status of your request changes. The change in status of a request is known as an event. You’ll typically listen to these events on a POST endpoint called your webhook URL.

The table below highlights some differences between polling and webhooks:

PollingWebhooks
Mode of updateManualAutomatic
Rate limitingYesNo
Impacted by scalingYesNo

Create a webhook URL

A webhook URL is simply a POST endpoint that a resource server sends updates to. The URL needs to parse a JSON request and return a 200 OK:

// Using Express
app.post("/my/webhook/url", function(req, res) {
    // Retrieve the request's body
    const event = req.body;
    // Do something with event
    res.send(200);
});

When your webhook URL receives an event, it needs to parse and acknowledge the event. Acknowledging an event means returning a 200 OK in the HTTP header. Without a 200 OK in the response header, we’ll keep sending events for the next 2 hours and 35 minutes:

  • We’ll attempt to send webhooks 5 times with an increasing delay between each attempt, starting with 5 minutes and increasing exponentially up to 80 minutes. The total duration for these 5 attempts will span approximately 2 hours and 35 minutes.

Avoid long-running tasks
If you have long-running tasks in your webhook function, you should acknowledge the event before executing the long-running tasks. Long-running tasks will lead to a request timeout and an automatic error response from your server. Without a 200 OK response, we retry as described in the paragraph above.

Testing Webhooks Locally

During development, you can configure your webhook URL in your TEST master wallet environment to a local address, such as http://localhost or 127.0.0.1.

To expose your local server to the internet for testing purposes, consider using a tool like ngrok or webhook.site. These tools allow you to see what the webhook payload looks like and simulate webhook events locally before deploying your application to a live environment.

Using these tools, you can ensure that your webhook integration is functioning correctly and handle any issues in a controlled, local environment before moving to production.

Resend Transaction Webhook

Incase where for some reasons you don’t receive transaction webhook and the backoff time is elapse, we’ve provided an API you can use to resend a transaction webhook

Use with caution!
As this can lead to processing already completed transactions, make sure you have proper validation in place while using this endpoint.

curl --request POST \
  --url https://api.blockradar.co/v1/wallets/{walletId}/transactions/webhooks/resend \
  --header 'Content-Type: application/json' \
  --header 'x-api-key: <api-key>' \
  --data '{
  "id": "TRANSACTION_ID"
}'

Verify event origin

Since your webhook URL is publicly available, you need to verify that events originate from Blockradar and not a bad actor. There are two ways to ensure events to your webhook URL are from Blockradar:

  1. Signature validation (recommended)

Signature validation

Events sent from Blockradar carry the x-blockradar-signature header. The value of this header is a HMAC SHA512 signature of the event payload signed using your secret key. Verifying the header signature should be done before processing the event:

const crypto = require('crypto');
const apiKey = process.env.WALLET_API_KEY;
// Using Express
app.post("/my/webhook/url", function(req, res) {
    //validate event
    const hash = crypto.createHmac('sha512', apiKey).update(JSON.stringify(req.body)).digest('hex');
    if (hash == req.headers['x-blockradar-signature']) {
    // Retrieve the request's body
    const event = req.body;
    // Do something with event  
    }
    res.send(200);
});

Go Live Checklist

Now that you’ve successfully created your webhook URL, here are some ways to ensure you get a delightful experience:

  • Add the webhook URL on your Master wallets on the Blockradar dashboard
  • Ensure your webhook URL is publicly available (localhost URLs cannot receive events)
  • If using .htaccess, kindly remember to add the trailing / to the URL
  • Test your webhook to ensure you’re getting the JSON body and returning a 200 OK HTTP response
  • If your webhook function has long-running tasks, you should first acknowledge receiving the webhook by returning a 200 OK before proceeding with the long-running tasks
  • If we don’t get a 200 OK HTTP response from your webhooks, we flag it as a failed attempt
  • We’ll attempt to send webhooks 5 times with an increasing delay between each attempt, starting with 5 minutes and increasing exponentially up to 80 minutes. The total duration for these 5 attempts will span approximately 2 hours and 35 minutes.

Types of events

Here are the events we currently raise. We would add more to this list as we hook into more actions in the future.

Event Examples

Below are examples of webhook payloads for some of the most common events:

{
    "event": "deposit.success",
    "data": {
        "id": "6d2f9646-cae4-48a5-8bfe-1f9379868d4f",
        "reference": "LSk5RLfSrR",
        "senderAddress": "0x2455eC6700092991Ce0782365A89d5Cd89c8Fa22",
        "recipientAddress": "0xe1037B45b48390285e5067424053fa35c478296b",
        "amount": "10.0",
        "amountPaid": "10.0",
        "fee": null,
        "currency": "USD",
        "blockNumber": 6928760,
        "blockHash": "0x5f2e0ed782752b9559e7a3d89c0fb9f6706e4866e74ba7a434cf933bb3f02a2b",
        "hash": "0x94c733496df59c15e5a489f20374096bba31166a8e149ceea4d410e3e5821357",
        "confirmations": 6,
        "confirmed": true,
        "gasPrice": "1201381238",
        "gasUsed": "62159",
        "gasFee": "0.000074676656372842",
        "status": "SUCCESS",
        "type": "DEPOSIT",
        "note": null,
        "amlScreening": {
            "provider": "ofac",
            "status": "success",
            "message": "Address is not sanctioned"
        },
        "assetSwept": null,
        "assetSweptAt": null,
        "assetSweptGasFee": null,
        "assetSweptHash": null,
        "assetSweptSenderAddress": null,
        "assetSweptRecipientAddress": null,
        "assetSweptAmount": null,
        "reason": null,
        "network": "testnet",
        "chainId": 11155111,
        "metadata": {
            "user_id": 1
        },
        "createdAt": "2024-10-23T11:19:58.451Z",
        "updatedAt": "2024-10-23T11:19:58.451Z",
        "asset": {
            "id": "fe04a28c-c615-4e41-8eda-f84c862864f5",
            "name": "USDC Coin",
            "symbol": "USDC",
            "decimals": 6,
            "address": "0x1c7D4B196Cb0C7B01d743Fbc6116a902379C7238",
            "standard": "ERC20",
            "isActive": true,
            "logoUrl": "https://res.cloudinary.com/blockradar/image/upload/v1716800083/crypto-assets/usd-coin-usdc-logo_fs9mhv.png",
            "network": "testnet",
            "createdAt": "2024-05-14T11:53:33.682Z",
            "updatedAt": "2024-06-14T22:32:12.589Z"
        },
        "address": {
            "id": "0a69c48a-6c6f-422c-bd6a-70de3306a3ac",
            "address": "0xe1037B45b48390285e5067424053fa35c478296b",
            "name": "Customer 1",
            "isActive": true,
            "type": "INTERNAL",
            "derivationPath": "m/44'/60'/0'/0/87",
            "metadata": {
                "user_id": 1
            },
            "configurations": {
                "aml": {
                    "status": "success",
                    "message": "Address is not sanctioned",
                    "provider": "ofac"
                },
                "showPrivateKey": false,
                "disableAutoSweep": false,
                "enableGaslessWithdraw": false
            },
            "network": "testnet",
            "createdAt": "2024-10-23T11:13:40.446Z",
            "updatedAt": "2024-10-23T11:13:40.446Z"
        },
        "blockchain": {
            "id": "85ffc132-3972-4c9e-99a5-5cf0ccb688bf",
            "name": "ethereum",
            "symbol": "eth",
            "slug": "ethereum",
            "derivationPath": "m/44'/60'/0'/0",
            "isEvmCompatible": true,
            "logoUrl": "https://res.cloudinary.com/blockradar/image/upload/v1716800081/crypto-assets/ethereum-eth-logo_idraq2.png",
            "isActive": true,
            "tokenStandard": "ERC20",
            "createdAt": "2024-05-14T11:53:33.095Z",
            "updatedAt": "2024-06-14T22:32:11.983Z"
        },
        "wallet": {
            "id": "d236a191-c1d4-423c-a439-54ce6542ca41",
            "name": "Ethereum Master Wallet",
            "description": "This is ethereum testnet master wallet",
            "address": "0x947514e4B803e312C312da0F1B41fEDdbe15ae7a",
            "derivationPath": "m/44'/60'/0'/0/0",
            "isActive": true,
            "status": "ACTIVE",
            "network": "testnet",
            "createdAt": "2024-08-22T09:48:56.322Z",
            "updatedAt": "2024-10-23T10:52:34.332Z",
            "business": {
                "id": "4b96c271-35eb-45e8-b558-6a53f95df601",
                "name": "Test One Inc",
                "sector": "Fintech",
                "status": "ACTIVE",
                "createdAt": "2024-08-22T09:28:37.522Z",
                "updatedAt": "2024-08-22T09:28:37.522Z"
            }
        },
        "beneficiary": null
    }
}

Complete Event List

EventDescription
deposit.successTriggered when a deposit transaction is successfully received and confirmed on the blockchain.
deposit.failedTriggered when a deposit transaction fails to be processed or confirmed.
deposit.swept.successTriggered when funds from a deposit are successfully swept (transferred) to the master wallet.
deposit.swept.failedTriggered when the auto-sweep process fails to transfer funds to the master wallet.
withdraw.successTriggered when a withdrawal transaction is successfully executed and confirmed on the blockchain.
withdraw.failedTriggered when a withdrawal transaction fails to execute. This can occur due to insufficient funds, network congestion, or other blockchain-related issues.
swap.successTriggered when a swap transaction is successfully executed and the assets are exchanged.
swap.failedTriggered when a swap transaction fails to execute. This can occur due to insufficient funds, network congestion, or swap contract errors.
custom-smart-contract.successTriggered when a custom smart contract transaction is successfully executed. This indicates that the contract interaction completed successfully on the blockchain.
custom-smart-contract.failedTriggered when a custom smart contract transaction fails to execute. This can occur due to various reasons such as insufficient funds, network congestion, or smart contract errors.
staking.successTriggered when a staking transaction is successfully executed and the assets are staked.
staking.failedTriggered when a staking transaction fails to execute. This can occur due to insufficient funds, network congestion, or staking contract errors.
unstaking.successTriggered when an unstaking transaction is successfully executed and the assets are unstaked.
unstaking.failedTriggered when an unstaking transaction fails to execute. This can occur due to insufficient staked balance, network congestion, or staking contract errors.
unstaking.withdraw.successTriggered when unstaked assets are successfully withdrawn to the user’s address.
unstaking.withdraw.failedTriggered when the withdrawal of unstaked assets fails to execute. This can occur due to insufficient balance, network congestion, or other blockchain-related issues.
restaking.successTriggered when a restaking transaction is successfully executed and the assets are restaked.
restaking.failedTriggered when a restaking transaction fails to execute. This can occur due to insufficient funds, network congestion, or staking contract errors.
auto-settlement.successTriggered when an auto-settlement transaction is successfully executed and the settlement is completed.
auto-settlement.failedTriggered when an auto-settlement transaction fails to execute. This can occur due to insufficient funds, network congestion, or settlement contract errors.
salvage.successTriggered when a salvage operation is successfully executed and the assets are recovered.
salvage.failedTriggered when a salvage operation fails to execute. This can occur due to insufficient funds, network congestion, or salvage contract errors.

Transaction Types and Statuses

Transaction Types

The following transaction types are used in webhook payloads:

TypeDescription
DEPOSITA deposit transaction where funds are received into a wallet address
WITHDRAWA withdrawal transaction where funds are sent from a wallet to an external address
SALVAGEA salvage operation to recover stuck or lost funds
AUTO_SETTLEMENTAn automatic settlement transaction
STAKINGA staking transaction where assets are staked
UNSTAKINGAn unstaking transaction where staked assets are unstaked
RESTAKINGA restaking transaction where assets are restaked
UNSTAKING_WITHDRAWA withdrawal of unstaked assets
CUSTOM_SMART_CONTRACTA custom smart contract interaction
SWAPA swap transaction where one asset is exchanged for another

Transaction Statuses

The following statuses indicate the current state of a transaction:

StatusDescription
PENDINGTransaction is being processed but not yet confirmed
SUCCESSTransaction has been successfully executed and confirmed
FAILEDTransaction failed to execute or was rejected
INCOMPLETETransaction is incomplete and may require additional steps

These transaction types and statuses are used in the type and status fields of webhook payloads to help you understand what kind of transaction occurred and its current state.



Happy hacking! ❤️