Introduction

Quidax uses Webhooks to communicate updates on transactions, incoming deposits, withdrawals, instant orders, and wallet creation, initiated with the API, and kick off additional workflows based on these events. Each time an event that you listen to occurs, Quidax submits a POST request to the designated Webhook URL with information about the event.

🚧

Signature Secret

We highly recommend you add in your signing secret in other to confirm that every request coming to that dedicated endpoint is coming from us, and not someone trying to maliciously attack your application.

const [timestampSection, signatureSection] = req.headers['quidax-signature'].split(',');

const [timestampPrefix, timestamp] = timestampSection.split('=');

const [signaturePrefix, signature] = signatureSection.split('=');

const requestBody = JSON.stringify(req.body);

const payload = `${timestamp}.${requestBody}`;

const created_signature = crypto.createHmac('sha256', quidax_webhook_key).update(payload).digest().toString('hex');

if (signature === created_signature) {
  // Execute program
}