Webhooks

Introduction

To receive notifications regarding payments' statuses, you will need to provide us with your URL so we can whitelist it on our side. Our whitelisting service will contain the provided URL domain and any change on the domain will break webhook notification. If you use a non-whitelisted domain, you won't receive any webhooks.

If you have added a webhookUrl to the Initialize Payment Session request body, then you will receive on this URL notifications about the status of the payment.

On every main step: “Start payment”, “Risk check” and on payment reaching final status (Completed or Failed) within the Crypto On-Ramp process, Skrill sends details of the transaction to the webhookUrl page you provided in your create session request. This is done with a standard HTTP POST.

Webhook requests sent by Skrill are signed with an OAuth2 token. This means that each request made to the webhook URL includes an authorization header with an OAuth2 token. In the context of webhooks, the OAuth2 token ensures that the requests are indeed coming from Skrill and not from an unauthorized source. The receiving server can validate the OAuth2 token attached to the request to verify the authenticity of the request. This is a crucial security measure to prevent unauthorized access and ensure that the request is indeed coming from Skrill.

Our webhook feature is implemented with a retry mechanism for every stage. If we receive a response different from HTTP status 200, we are going to resend the information of every webhook 10 times in intervals of 6 minutes until we receive a different response.