Test webhook signature verification

curl --request POST \
  --url https://sandbox.elementpay.net/webhooks/test \
  --header 'Content-Type: application/json' \
  --header 'X-Webhook-Signature: <x-webhook-signature>' \
  --data '{
  "ping": "pong"
}'

{
  "status": "success",
  "message": "Webhook received and verified",
  "data": {
    "event": "order.settled",
    "request_id": "e1a9..."
  }
}

POST

webhooks

test

Test webhook signature verification

curl --request POST \
  --url https://sandbox.elementpay.net/webhooks/test \
  --header 'Content-Type: application/json' \
  --header 'X-Webhook-Signature: <x-webhook-signature>' \
  --data '{
  "ping": "pong"
}'

{
  "status": "success",
  "message": "Webhook received and verified",
  "data": {
    "event": "order.settled",
    "request_id": "e1a9..."
  }
}

How to test (recommended, no secrets in the docs UI)

Set WEBHOOK_SECRET in your server env.
Use one of the client snippets below to sign and POST a JSON payload to your webhook endpoint (or to this /webhooks/test route) with X-Webhook-Signature: t=<ts>,v1=<base64sig>.
Expect 200 with Webhook received and verified.

The signature is computed as base64(HMAC_SHA256(secret, ${ts}.$ )) with a ±5 minute tolerance.

Try It: Avoid entering secrets in the public Try It UI; run the snippet locally instead.

Headers

X-Webhook-Signature

string

required

Signature header in the format t=<unix_ts>,v1=<base64sig>.

X-Webhook-Event

string

Event type (e.g., order.settled).

X-Webhook-Id

string

Unique request id for idempotency/debugging.

Body

application/json · object

Response

200

application/json

Verified

The response is of type object.

Get order by order_id Supported chains

Endpoints

Headers

Body

Response