Introduction

Generally, when you make a request to an API endpoint, you expect to get a near-immediate response. However, some requests may take a long time to process, which can lead to timeout errors. In order to prevent a timeout error, a pending response is returned. Since your records need to be updated with the final state of the request, you need to either:

  1. Make a request for an update (popularly known as polling) or,
  2. Listen to events by using a webhook URL.

Helpful Tip
We recommend that you use webhook to provide value to your customers over using callbacks or polling. With callbacks, we don’t have control over what happens on the customer’s end. Neither do you. Callbacks can fail if the network connection on a customer’s device fails or is weak or if the device goes off after a transaction.

Polling vs Webhooks

Polling requires making a GET request at regular intervals to get the final status of a request. For example, when you issue an address to a customer for deposits, you keep making a request for transactions linked to the address until you find one.

With webhooks, the resource server, Blockradar in this case, sends updates to your server when the status of your request changes. The change in status of a request is known as an event. You’ll typically listen to these events on a POST endpoint called your webhook URL.

The table below highlights some differences between polling and webhooks:

PollingWebhooks
Mode of updateManualAutomatic
Rate limitingYesNo
Impacted by scalingYesNo

Create a webhook URL

A webhook URL is simply a POST endpoint that a resource server sends updates to. The URL needs to parse a JSON request and return a 200 OK:

// Using Express
app.post("/my/webhook/url", function(req, res) {
    // Retrieve the request's body
    const event = req.body;
    // Do something with event
    res.send(200);
});

When your webhook URL receives an event, it needs to parse and acknowledge the event. Acknowledging an event means returning a 200 OK in the HTTP header. Without a 200 OK in the response header, we’ll keep sending events for the next 2 hours and 35 minutes:

  • We’ll attempt to send webhooks 5 times with an increasing delay between each attempt, starting with 5 minutes and increasing exponentially up to 80 minutes. The total duration for these 5 attempts will span approximately 2 hours and 35 minutes.

Avoid long-running tasks
If you have long-running tasks in your webhook function, you should acknowledge the event before executing the long-running tasks. Long-running tasks will lead to a request timeout and an automatic error response from your server. Without a 200 OK response, we retry as described in the paragraph above.

Testing Webhooks Locally

During development, you can configure your webhook URL in your TEST master wallet environment to a local address, such as http://localhost or 127.0.0.1.

To expose your local server to the internet for testing purposes, consider using a tool like ngrok or webhook.site. These tools allow you to see what the webhook payload looks like and simulate webhook events locally before deploying your application to a live environment.

Using these tools, you can ensure that your webhook integration is functioning correctly and handle any issues in a controlled, local environment before moving to production.

Resend Transaction Webhook

Incase where for some reasons you don’t receive transaction webhook and the backoff time is elapse, we’ve provided an API you can use to resend a transaction webhook

Use with caution!
As this can lead to processing already completed transactions, make sure you have proper validation in place while using this endpoint.

curl --request POST \
  --url https://api.blockradar.co/v1/wallets/{walletId}/transactions/webhooks/resend \
  --header 'Content-Type: application/json' \
  --header 'x-api-key: <api-key>' \
  --data '{
  "id": "TRANSACTION_ID"
}'

Verify event origin

Since your webhook URL is publicly available, you need to verify that events originate from Blockradar and not a bad actor. There are two ways to ensure events to your webhook URL are from Blockradar:

  1. Signature validation (recommended)

Signature validation

Events sent from Blockradar carry the x-blockradar-signature header. The value of this header is a HMAC SHA512 signature of the event payload signed using your secret key. Verifying the header signature should be done before processing the event:

const crypto = require('crypto');
const apiKey = process.env.WALLET_API_KEY;
// Using Express
app.post("/my/webhook/url", function(req, res) {
    //validate event
    const hash = crypto.createHmac('sha512', apiKey).update(JSON.stringify(req.body)).digest('hex');
    if (hash == req.headers['x-blockradar-signature']) {
    // Retrieve the request's body
    const event = req.body;
    // Do something with event  
    }
    res.send(200);
});

Go Live Checklist

Now that you’ve successfully created your webhook URL, here are some ways to ensure you get a delightful experience:

  • Add the webhook URL on your Master wallets on the Blockradar dashboard
  • Ensure your webhook URL is publicly available (localhost URLs cannot receive events)
  • If using .htaccess, kindly remember to add the trailing / to the URL
  • Test your webhook to ensure you’re getting the JSON body and returning a 200 OK HTTP response
  • If your webhook function has long-running tasks, you should first acknowledge receiving the webhook by returning a 200 OK before proceeding with the long-running tasks
  • If we don’t get a 200 OK HTTP response from your webhooks, we flag it as a failed attempt
  • We’ll attempt to send webhooks 5 times with an increasing delay between each attempt, starting with 5 minutes and increasing exponentially up to 80 minutes. The total duration for these 5 attempts will span approximately 2 hours and 35 minutes.

Supported events

{
    "event": "deposit.success",
    "data": {
        "id": "6d2f9646-cae4-48a5-8bfe-1f9379868d4f",
        "reference": "LSk5RLfSrR",
        "senderAddress": "0x2455eC6700092991Ce0782365A89d5Cd89c8Fa22",
        "recipientAddress": "0xe1037B45b48390285e5067424053fa35c478296b",
        "amount": "10.0",
        "amountPaid": "10.0",
        "fee": null,
        "currency": "USD",
        "blockNumber": 6928760,
        "blockHash": "0x5f2e0ed782752b9559e7a3d89c0fb9f6706e4866e74ba7a434cf933bb3f02a2b",
        "hash": "0x94c733496df59c15e5a489f20374096bba31166a8e149ceea4d410e3e5821357",
        "confirmations": 6,
        "confirmed": true,
        "gasPrice": "1201381238",
        "gasUsed": "62159",
        "gasFee": "0.000074676656372842",
        "status": "SUCCESS",
        "type": "DEPOSIT",
        "note": null,
        "amlScreening": {
            "provider": "ofac",
            "status": "success",
            "message": "Address is not sanctioned"
        },
        "assetSwept": null,
        "assetSweptAt": null,
        "assetSweptGasFee": null,
        "assetSweptHash": null,
        "assetSweptSenderAddress": null,
        "assetSweptRecipientAddress": null,
        "assetSweptAmount": null,
        "reason": null,
        "network": "testnet",
        "chainId": 11155111,
        "metadata": {
            "user_id": 1
        },
        "createdAt": "2024-10-23T11:19:58.451Z",
        "updatedAt": "2024-10-23T11:19:58.451Z",
        "asset": {
            "id": "fe04a28c-c615-4e41-8eda-f84c862864f5",
            "name": "USDC Coin",
            "symbol": "USDC",
            "decimals": 6,
            "address": "0x1c7D4B196Cb0C7B01d743Fbc6116a902379C7238",
            "standard": "ERC20",
            "isActive": true,
            "logoUrl": "https://res.cloudinary.com/blockradar/image/upload/v1716800083/crypto-assets/usd-coin-usdc-logo_fs9mhv.png",
            "network": "testnet",
            "createdAt": "2024-05-14T11:53:33.682Z",
            "updatedAt": "2024-06-14T22:32:12.589Z"
        },
        "address": {
            "id": "0a69c48a-6c6f-422c-bd6a-70de3306a3ac",
            "address": "0xe1037B45b48390285e5067424053fa35c478296b",
            "name": "Customer 1",
            "isActive": true,
            "type": "INTERNAL",
            "derivationPath": "m/44'/60'/0'/0/87",
            "metadata": {
                "user_id": 1
            },
            "configurations": {
                "aml": {
                    "status": "success",
                    "message": "Address is not sanctioned",
                    "provider": "ofac"
                },
                "showPrivateKey": false,
                "disableAutoSweep": false,
                "enableGaslessWithdraw": false
            },
            "network": "testnet",
            "createdAt": "2024-10-23T11:13:40.446Z",
            "updatedAt": "2024-10-23T11:13:40.446Z"
        },
        "blockchain": {
            "id": "85ffc132-3972-4c9e-99a5-5cf0ccb688bf",
            "name": "ethereum",
            "symbol": "eth",
            "slug": "ethereum",
            "derivationPath": "m/44'/60'/0'/0",
            "isEvmCompatible": true,
            "logoUrl": "https://res.cloudinary.com/blockradar/image/upload/v1716800081/crypto-assets/ethereum-eth-logo_idraq2.png",
            "isActive": true,
            "tokenStandard": "ERC20",
            "createdAt": "2024-05-14T11:53:33.095Z",
            "updatedAt": "2024-06-14T22:32:11.983Z"
        },
        "wallet": {
            "id": "d236a191-c1d4-423c-a439-54ce6542ca41",
            "name": "Ethereum Master Wallet",
            "description": "This is ethereum testnet master wallet",
            "address": "0x947514e4B803e312C312da0F1B41fEDdbe15ae7a",
            "derivationPath": "m/44'/60'/0'/0/0",
            "isActive": true,
            "status": "ACTIVE",
            "network": "testnet",
            "createdAt": "2024-08-22T09:48:56.322Z",
            "updatedAt": "2024-10-23T10:52:34.332Z",
            "business": {
                "id": "4b96c271-35eb-45e8-b558-6a53f95df601",
                "name": "Test One Inc",
                "sector": "Fintech",
                "status": "ACTIVE",
                "createdAt": "2024-08-22T09:28:37.522Z",
                "updatedAt": "2024-08-22T09:28:37.522Z"
            }
        },
        "beneficiary": null
    }
}

Types of events

Here are the events we currently raise. We would add more to this list as we hook into more actions in the future.

EventDescription
deposit.successA deposit has been successfully made.
deposit.swept.successAn attempt to sweep a deposit into master wallet has been successful.
withdraw.successA withdrawal attempt has been successful.
withdraw.failedA withdrawal attempt has failed.
deposit.swept.failedAn attempt to sweep a deposit into master wallet has failed.


Happy hacking! ❤️