# Withdrawal Verification

With security in mind SwitchWallet goes  another step further to verify that every withdrawal event triggered truely comes from the merchant, To ensure this we call the merchant's verificationUrl with the merchant reference parsed to the withdrawal endpoint.

## **How to set up**

**1) Set up your Url at your server**

How it works,

Our server make http Get request to your verificationU**rl**&#x20;

**Request sample:** YourVerificationUrl?reference={yourUniquelyGeneratedReference-parsed-at-thePoint-ofWithdrawal}

## to confirm withdrawal

<mark style="color:blue;">`GET`</mark> `YourDomian/VerificationEndpoint`

#### Query Parameters

| Name                                        | Type   | Description                                                    |
| ------------------------------------------- | ------ | -------------------------------------------------------------- |
| reference<mark style="color:red;">\*</mark> | String | yourUniquelyGeneratedReference-parsed-at-thePoint-ofWithdrawal |

{% tabs %}
{% tab title="400: Bad Request " %}

```
// if you are the initiator of the withdrawal
 {
     isVerified :"true" 
     checksum :""
 }
```

{% endtab %}

{% tab title="200: OK " %}

```
// if you are not the initiator of the withdrawal
 {
     isVerified :"false" 
     checksum :"The-HASH-you-generated"
 }
```

{% endtab %}
{% endtabs %}

{% hint style="info" %}
Here are steps merchant must take to compute the above checksum return as response in the above example for the withdrawal to be successful
{% endhint %}

**Checksum** generation process

Hash algorithm = SHA512

1. &#x20;Hash  your secerteKey, e.g  hashedSecreteKey = "Hashed secerteKey"
2. concat  your reference  with the withdrawal destination wallet address, e.g var ReferenceAndDestinationWallet\_CONCAT = ${merchantReference}:${destinationWallet}
3. stringToHash = hashedSecreteKey + referenceAndDestinationWallet\_CONCAT
4. var checksum = hashed (StringToHash)

#### **Sample**

```csharp
// C#
using System;
using System.Security.Cryptography;
using System.Text;
					
public class Program
{
public static void Main()
{
string merchantReference = "123456";
string destinationWallet = "0x0fC0c413e80cef85a273930269E70D1B8C6cC178";
string referenceAndDestinationWallet_CONCAT = $"{merchantReference}:{destinationWallet}";
string secretKey = "yoursecretKey";
string hashedSecretKey = HashString(secretKey);
string stringToHash = hashedSecretKey + referenceAndDestinationWallet_CONCAT;
string checksum = HashString(stringToHash);
Console.WriteLine(checksum);
}
	
public static string HashString(string str)
{
    var buffer = Encoding.UTF8.GetBytes(str);
    var hash = SHA512.Create().ComputeHash(buffer);
    return BitConverter.ToString(hash).Replace("-", "").ToUpper();
}

}

```

```javascript
//conversion to javascript(Node.js)

const crypto = require('crypto');

function HashString(str) {
  const buffer = Buffer.from(str, 'utf8');
  const hash = crypto.createHash('sha512');
  hash.update(buffer);
  return hash.digest('hex').toUpperCase();
}

const merchantReference = '123456';
const destinationWallet = '0x0fC0c413e80cef85a273930269E70D1B8C6cC178';
const referenceAndDestinationWallet_CONCAT = `${merchantReference}:${destinationWallet}`;
const secretKey = 'yoursecretKey';
const hashedSecretKey = HashString(secretKey);
const stringToHash = hashedSecretKey + referenceAndDestinationWallet_CONCAT;
const checksum = HashString(stringToHash);
console.log(checksum);

```

### **2) How to set up verificationUrl**&#x20;

#### Go to "Settings"  >>  "ApiKey & Webhook"&#x20;

<figure><img src="/files/QzSes8WghinvwH5g4vFH" alt=""><figcaption></figcaption></figure>

Paste your url  in the verificationUrl Input box and press  the "Update" button beside it


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.switchwallet.io/api-calls/merchant-client-withdrawal/withdrawal-verification.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.