Overview

Webhooks serve as a vital conduit for transmitting real-time notifications or events seamlessly from one application to another. We empower users with the ability to receive prompt and automated notifications through a webhook interface. This comprehensive documentation is crafted to guide you through the process of setting up and configuring your system to listen attentively for notifications from Nomba.

By implementing this webhook integration, you can effortlessly direct notifications to any URL of your preference, allowing for a customized and responsive communication channel between Nomba and your application. The following sections will give you the necessary steps and intricacies involved in harnessing the power of webhooks for real-time updates and event-driven interactions, ensuring a seamless integration experience.

For example, a workflow may include giving value to your customer when a successful payment has been made from a terminal. A webhook can be set up such that you will receive notification of the payment event on your URL and you can proceed to give value to your customer.

Webhooks on your Nomba dashboard

Getting started

Process flow

Webhooks on your Nomba dashboard

Upon the occurrence of an event within a customer’s account, such as a purchase event at a terminal or a transfer event through a web transaction, an HTTP POST call is triggered to the customer’s webhook url. This HTTP POST call includes a message payload and is directed to the URL previously specified during the webhook creation. The message payload encompasses essential components, including request headers and JSON content, providing comprehensive details about the event.

It is good to note that, you must subscribe for the event type you want to get notified on. For example; if you want to get notified on your webhook every time you receive money in your account (across the various channels; pos, web, app, etc.), you must subscribe to the event type Payment success

Event Types

EventEvent typeMeaning
Payment Successpayment_successEvent triggered when a payment is successfully credited to the merchant’s nomba account e.g. Card transaction, PayByTransfer, PayByQR.
Payout Successpayout_successEvent triggered when a payment is successfully debited from the merchant’s account e.g. Funds transfer, Bill payment etc.
Payment Failedpayment_failedEvent triggered when a proposed payment failed in flight.
Payment Reversalpayment_reversalEvent triggered when a payment is reversed from the merchant’s account back to the customer’s account.
Payout Failedpayout_failedEvent triggered when an attempted payout transaction fails to be processed successfully and is not completed.
Payout Refundpayout_refundEvent triggered when a payment is refunded back to the merchant’s nomba account

Request body Headers

The payload sent on a webhook notification contains Nomba-specific headers.

HeaderDescription
nomba-signatureA signature created using the signature key configured while creating the webhook on the Nomba dashboard
nomba-signature-algorithmThe algorithm used to generate the signature. Value is always HmacSHA256
nomba-signature-versionThe version of the signature used. Value is 1.0.0 at the moment. It will keep updating as the signing process updates
nomba-timestampAn RFC-3339 timestamp that identifies when the payload was sent.

The RFC-3339 format specifies that dates should be represented using the year, month, and day, separated by hyphens, followed by a “T” to separate the date from the time, and then the time represented in hours, minutes, and seconds, separated by colons, with an optional fractional second component. Example; 2022-01-01T15:45:22Z

A typical webhook payload will come with the following;

Header KeyHeader Value
nomba-signature0zzATkAuEta5kpKVCExReupW/XglCk/re51P4jiDJ9c=
nomba-sig-value0zzATkAuEta5kpKVCExReupW/XglCk/re51P4jiDJ9c=
nomba-signature-algorithmHmacSHA256
nomba-signature-version1.0.0
nomba-timestamp2023-03-31T05:56:47Z

We recommend configuring the signature key while creating a webhook URL. While this configuration is optional, it is important to configure the keys and verify the signature of the payloads in order to prevent DDoS or Man-in-the-Middle attacks.

HTTP header names are case insensitive. Your client should convert all header names to a standardized lowercase or uppercase format before trying to determine the value of a header.

Request body payload

The content of the payload is a JSON object and it gives details about the event that has been triggered.

{
  "event_type": "<event_type>",
  "requestId": "<request_id>",
  "data": {...}
}
FieldTypeDescription
event_typeStringThe event type that was triggered
request_idString (UUID)A unique request identifier useful for tracking messages
dataObject (JSON)An object describing the details of the triggered event
{
  "event_type": "payment_success",
  "requestId": "999111df-9f20-4cf8-8740-3d2fc43c7149",
  "data": {
    "merchant": {
      "userId": "000000ab-154e-4a11-a0cf-2249fad063e3",
      "walletId": "5f04b9ee600f1c00084affa2",
      "walletBalance": 2903.31
    },
    "terminal": {
      "terminalId": "",
      "terminalLabel": ""
    },
    "transaction": {
      "transactionId": "API-VACT_TRA-067fg-sdf78ghy-fd7f-4567-b404-3122939dc25f",
      "type": "vact_transfer",
      "originatingFrom": "api",
      "rrn": "",
      "transactionAmount": 1000,
      "fee": 5,
      "time": "2024-07-26T18:17:29Z",
      "terminalActionId": "",
      "mcollectionsId": "",
      "merchantTxRef": "",
      "aliasAccountNumber": "0010721887",
      "aliasAccountType": "VIRTUAL",
      "aliasAccountName": "SHARP GUY",
      "terminalSerialNumber": "",
      "cardBank": "",
      "cardIssuer": "",
      "responseCode": "",
      "responseCodeMessage": "",
      "sessionId": "111113240726191726000236980560"
    },
    "customer": {
      "billerId": null,
      "productId": null,
      "bankCode": "000",
      "cardPan": null,
      "network": null,
      "accountNumber": "0123467890",
      "bankName": "Nomba MFB",
      "meterNumber": null,
      "subscriberNumber": null,
      "iucNumber": null,
      "decoderNumber": null,
      "senderName": "JOHN NEE DOE",
      "recipientName": ""
    }
  }
}

Data content

FieldTypeDescription
merchantObject (JSON)Details of the business.
terminalObject (JSON)Details of the terminal involved in the payment/payout.
transactionObject (JSON)Details of the transaction.
customerObject (JSON)Details of the customer involved.

Transaction Object

data.transaction

FieldTypeDescription
transactionIdStringThe unique identifier for the transaction
typeStringThe type of the transaction (e.g., purchase, transfer, etc.)
originatingFromStringThe source of the transaction (e.g., pos, web, app, etc.)
rrnStringRetrieval reference number of the transaction
transactionAmountDoubleThe original amount of the transaction
feeDoubleThe fees associated with processing the transaction
timeDateTimeAn RFC-3339 timestamp indicating when the transaction was initiated
terminalActionIdStringTerminal action identifier, linking a terminal action object
mcollectionsIdStringMerchant collections identifier, linking a merchant collections object
merchantTxRefStringMerchant transaction reference, linking an externally initiated transaction
aliasAccountNumberStringThe account number that received the value
aliasAccountNameStringThe corresponding name of the recipient account number
aliasAccountTypeStringThe type of the recipient account
terminalSerialNumberStringThe serial number of the terminal associated with the recipient account
cardBankStringThe issuing bank of the card used for carrying out the transaction
cardIssuerStringThe card scheme of the card used for this transaction
responseCodeStringThe response code for the transaction
responseMessageStringThe response message for the transaction
sessionIdStringThe sessionId attached to this transaction particularly for NIP Transfers
and can be used for requerying transactions

Terminal Object

data.terminal

FieldTypeDescription
terminalIdStringThe unique identifier for the terminal
terminalLabelStringThe label or display name configured for the terminal by the business

Merchant Object

data.merchant

FieldTypeDescription
userIdStringA unique identifier attributed to your business
walletIdStringThe unique identifier of the account impacted by this event
walletBalanceDoubleThe account balance immediately after the impact of this event. Example: If the account balance before a payment is 100.00 and you received 20.0, the walletBalance will be 120.00

Customer Object

data.customer

FieldTypeDescription
billerIdStringIdentifier of the payment instrument (e.g., card pan, account number)
productIdStringAdditional identifier complementing billerId (e.g., bank code for card payment)
bankCodeStringBank code (e.g., “000”)
cardPanStringCard PAN (if applicable)
networkStringCard network (if applicable)
accountNumberStringAccount number (if applicable)
bankNameStringBank name of recipient account
meterNumberStringMeter number (if applicable)
subscriberNumberStringSubscriber number (if applicable)
iucNumberStringIUC number (if applicable)
decoderNumberStringDecoder number (if applicable)
senderNameStringSender name
recipientNameStringRecipient name
Initiate card transactionsSignature verification (deprecated)