Guides

Webhooks

Suggest Edits

To enable webhooks you must login to Rise app and go to the developer page. There you can add your webhook endpoint where you wish to receive webhook notifications.

Right now, Rise will notify only about these events:

  • Invite accepted
  • Fund received
  • Pay schedule created
  • Payment received
  • Account duplication detected

The webhook payload follow this structure:

{
	type: 'deposit.deposit_received', // event type
	idempotent_key: '0x012321', // hash that represents idempotent key for this event
	company_id: 1, // company related to this webhook
	timestamp: 1700242816, // unix timestamp of the event
	transaction: {...} // payload, varies depending on type
}

The entity in the payload depend on the event type:

  • deposit.deposit_received entity type transaction
  • payment.payment_sent entity type payIntent
  • pay_schedules.pay_schedule_created entity type paySchedule
  • invites.invite_acceptedentity type invite
  • account_duplicated.detectedentity is account, it will contain user identifiers plus status and date
  • payee.riseid_address_updated User lost access keys and account needs to be verified and reset.

Verification

To verify that a webhook request is coming from Rise, you must check the headers x-rise-hashand x-rise-signature, which are the payload hash and its respective signature, signed with a Rise's private key, you can verify the signature and the hash by using Rise's public key found in the developer page.

Below is an example showing how to verify a payload signature from Rise:

router.post(
	'/webhook-handler/rise',
	async (req, res, next) => {
		const body = req.body
		const hash = req.headers['x-rise-hash']
		const signature = req.headers['x-rise-signature']

		// verify hash
		const  bodyHash = ethers.id(JSON.stringify(body))
		if (bodyHash !== hash) {
			return res.status(400).send('Invalid hash')
		}

		// verify signature
		const riseSigner = '0x1234' // get this in your rise app developer dashboard
		const recoveredAddress = ethers.verifyMessage(hash, signature)
		if (recoveredAddress !== riseSigner) {
			return res.status(400).send('Invalid signature')
		}
		return res.json('ok')
	}
)

Updated 3 days ago