> For the complete documentation index, see [llms.txt](https://developer.flash-payments.com/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://developer.flash-payments.com/basics/webhooks/adhoc-webhooks.md). # Ad hoc webhooks When [sending a payment](/fx/payments/send-funds.md), [creating a local withdrawal](/moving-funds/payouts/withdraw-funds.md) or [ordering a conversion](/fx/conversions.md) you can provide us a webhook (callback) URI - `callbackUri`. We will call it when a payment or withdrawal status changes. We recommend API clients to generate and add `?signature=ASecretPerPaymentKey` query to your `callbackUri` to make sure it's Flash Payments calling your webhook endpoint. For example: ``` https://my-webhooks.example.com/flash-payments?signature=oZaDlmfXbdXSKCnuWrvos2ImVBFX2Ru5 ``` To avoid storing the signatures in a database we recommend generating them on the fly using a strong hash function or any kind of cryptography. ## Example {% hint style="info" %} This is just an example. Feel free to sign your URLs the way you want. {% endhint %} You would need to implement two functions. 1. Function to generate "signature". 2. Function to verify the "signature". ### Generating signatures Node.js pseudo code to generate a signature in your integration code. ```javascript const secret = "abcdefg"; function generateSignature(string) { return require("node:crypto") .createHmac("sha256", secret) // your secret key .update(string) .digest("base64"); } const signature = generateSignature(stringIdFromMyDatabase); const callbackUri = "https://my-webhooks.example.com/flashfx?signature=" + signature; const externalId = stringIdFromMyDatabase; // Use both callbackUri and externalId when creating transfers with Flash Payments API ``` The code above creates a `callbackUri` and `externalId` variables. Use both of them when creating a transfer in Flash Payments API. ### Verifying signatures Node.js pseudo code of your webhook HTTP request handler. ```javascript function myCallbackEndpointHandler(req, res) { const signature = req.query.signature; const stringIdFromMyDatabase = req.body.externalId; if (generateSignature(stringIdFromMyDatabase) !== signature) { console.error("Security warning! Webhook endpoint received bad data", req); res.sendStatus(500); return; } // continue with the webhook processing } ``` --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter: ``` GET https://developer.flash-payments.com/basics/webhooks/adhoc-webhooks.md?ask=&goal= ``` `ask` is the immediate question: it should be specific, self-contained, and written in natural language. `goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.