Manual Webhook Setup
Casso allows integration with Webhook API that calls to your server. Every time there is a new transaction, Casso will call to the API you have set up to send this transaction information.
Last updated
Casso allows integration with Webhook API that calls to your server. Every time there is a new transaction, Casso will call to the API you have set up to send this transaction information.
Last updated
If you need a payment confirmation, use payOS by Casso
payOS is a specialized solution from Casso for payment confirmation, developed through the integration of VietQR technology, Virtual Account Number, and Open Banking API.
Casso uses Webhooks to notify your application when there is a deposit or withdrawal transaction to your bank account.
Integrating Casso into your application via Webhook involves just three simple steps:
Program a Webhook endpoint to handle Webhook events on your server.
Simulate a new transaction from the bank for testing and ensuring that your webhook endpoint runs correctly.
Register URL of Webhook endpoint on Casso and Go live
You have to:
Create an account on Casso
Link a bank account to Casso
Log in Casso account at my.casso.vn
Access Setting > Integration và click Create Integration (+)
In the list of Integration Options, choose Webhook, then open interface of Integrated Webhook:
In the section Bank receiving Webhook :
Choose the bank account that will be monitored to transmit transaction information.
You can choose All so that Casso System will transmit transaction information of all bank accounts you have linked.
In the step of Entering Webhook information:
Parameter Webhook URL will be the path to the Webhook receiver API on your web server.
Parameter Security Key contains a secret code that every time Casso calls the Webhook URL, Casso will attach this security key to the HTTP Header. You can check the header to get the secret code information to authenticate the validity of the call to the Webhook URL.
Do not use Webhook URL is a path only accessible from the internal network or localhost, 127.0.01, 192.160.1.x ... Webhook URL must be a public path on the Internet.
Click on the Test Call button to have the Casso system send a test transaction to the Webhook URL.
If Casso transmits successfully the Webhook URL, your configuration is valid. Now you can click the Save button to save this configuration.
Strict mode: is an advanced result verification step, when the status code returned is 200, Casso will further check in JSON returned either success : 1 or success : true. If it is 0/false, the system will interpret it as a failure, and Casso will resend the Webhook. If the strict mode is not enabled, when receiving a response of status code 200, Casso will consider it as a successful Webhook transmission.
TIP: During the integration programming process, besides the custom Webhook pointing to your website, you can register another custom Webhook using services such as pipedream.com, webhook.site, ngrok.com to debug information Casso send to Webhook URL.
Casso will make an API call to the Webhook URL every time there is a new transaction. The Webhook URL will need to meet the following requirements:
Must be a public link that is accessible from the internet
The path to use the security protocol HTTPS
If the website uses Cloudfare or DDOS prevention services, note that you must whitelist Casso's IP.
After processing, your webhook should respond with a status code of 200 OK and the response time less than 5 seconds ( Casso will set the timeout for request post transmit webhook to 5s)
If the webhook transmiting fails for some reason, Casso will repeatedly call the webhook for the next 12 hours, the first call will be after 1 minute, and this timeout will increase to the next Fibonacci value every time the retry failed.
In total, Casso will retry a Webhook event up to 17 times. After that, it will skip and mark the Webhook event as FAIL.
If continuous Webhook calls fail for 24 hours, Casso will change the Webhook configuration to PAUSED status. When the Webhook configuration is paused and new transactions occur, these Webhook events will not be executed but instead will be held with the status of HOLDING. After customers fix the system's Webhook event processing issue, they can access the Casso interface to Replay these Webhook events.
If a Webhook configuration is paused for 7 days without being processed, Casso will change the Webhook configuration to Disabled status. Transactions that occur when the Webhook configuration is disabled will not be able to be replayed.
To counter the attack methods of Replay Attack, Does your webhook need to be de-duplicated by checking if a new transaction has been processed before? Each Casso transaction is identified by an id. With a new webhook coming, check anid whether this transaction has been processed before; if it is, then this transaction has been replayed for some reason, just ignore it.
Despite being rare, there will always be a chance that the webhook will fail. To avoid the case of missed transactions, Developers might consider providing Full Transaction Tracing by using the API to download transactions and check if there are any missed transactions. See more in Create Auth Cod Manually or OAuth 2
Casso will transmit data into the Webhook URL you declared with JSON format data, where the data field will store an array of new transactions.
Notice: If there is a new transaction, Casso will still send through an array containing 1 new transaction element.
Some resources you can refer to program the webhook handling module Webhook Event Handler.
Start now!
No.
Description
Link
1
Source code Webhook Event Handler sample written in PHP
2
Source code Webhook Event Handler sample written in Java
Updating. Please contact us.
3
Source code Webhook Event Handler sample written in NodeJS
Updating. Please contact us.
4
Woocommerce Plugin Official Source CodeCasso – Automatic confirmation of bank transfer payments
