Withdrawal Verification

With security in mind SwitchWallet goes another step further to verify that every withdrawal event triggered truely comes from the merchant, To ensure this we call the merchant's verificationUrl with the merchant reference parsed to the withdrawal endpoint.

How to set up

1) Set up your Url at your server

How it works,

Our server make http Get request to your verificationUrl

Request sample: YourVerificationUrl?reference={yourUniquelyGeneratedReference-parsed-at-thePoint-ofWithdrawal}

to confirm withdrawal

GET YourDomian/VerificationEndpoint

Query Parameters

Name

Type

Description

// if you are the initiator of the withdrawal
 {
     isVerified :"true" 
     checksum :""
 }

// if you are not the initiator of the withdrawal
 {
     isVerified :"false" 
     checksum :"The-HASH-you-generated"
 }

Here are steps merchant must take to compute the above checksum return as response in the above example for the withdrawal to be successful

Checksum generation process

Hash algorithm = SHA512

Hash your secerteKey, e.g hashedSecreteKey = "Hashed secerteKey"
concat your reference with the withdrawal destination wallet address, e.g var ReferenceAndDestinationWallet_CONCAT = ${merchantReference}:${destinationWallet}
stringToHash = hashedSecreteKey + referenceAndDestinationWallet_CONCAT
var checksum = hashed (StringToHash)

Sample

// C#
using System;
using System.Security.Cryptography;
using System.Text;
					
public class Program
{
public static void Main()
{
string merchantReference = "123456";
string destinationWallet = "0x0fC0c413e80cef85a273930269E70D1B8C6cC178";
string referenceAndDestinationWallet_CONCAT = $"{merchantReference}:{destinationWallet}";
string secretKey = "yoursecretKey";
string hashedSecretKey = HashString(secretKey);
string stringToHash = hashedSecretKey + referenceAndDestinationWallet_CONCAT;
string checksum = HashString(stringToHash);
Console.WriteLine(checksum);
}
	
public static string HashString(string str)
{
    var buffer = Encoding.UTF8.GetBytes(str);
    var hash = SHA512.Create().ComputeHash(buffer);
    return BitConverter.ToString(hash).Replace("-", "").ToUpper();
}

}

//conversion to javascript(Node.js)

const crypto = require('crypto');

function HashString(str) {
  const buffer = Buffer.from(str, 'utf8');
  const hash = crypto.createHash('sha512');
  hash.update(buffer);
  return hash.digest('hex').toUpperCase();
}

const merchantReference = '123456';
const destinationWallet = '0x0fC0c413e80cef85a273930269E70D1B8C6cC178';
const referenceAndDestinationWallet_CONCAT = `${merchantReference}:${destinationWallet}`;
const secretKey = 'yoursecretKey';
const hashedSecretKey = HashString(secretKey);
const stringToHash = hashedSecretKey + referenceAndDestinationWallet_CONCAT;
const checksum = HashString(stringToHash);
console.log(checksum);

2) How to set up verificationUrl

Go to "Settings" >> "ApiKey & Webhook"

Paste your url in the verificationUrl Input box and press the "Update" button beside it

PreviousMerchant Client Withdrawal NextWebhook

Last updated 1 year ago