4
Handling Webhooks

SaligPay sends webhook notifications to update you about payment status changes. Set up a webhook endpoint to receive these updates and update your database accordingly.

Webhook Payload Structure

The webhook payload contains comprehensive information about the payment transaction and its current status:

Sample payment webhook event

{
  "event": "payment.updated",
  "timestamp": "2026-02-12T07:16:00.000Z",
  "data": {
    "id": "pay_01HZX0AT8B",
    "status": "COMPLETED",
    "amount": 125000,
    "currency": "PHP",
    "reference_id": "ORD-10293"
  }
}

Webhook Handler Implementation

Implement a webhook handler to process these notifications:

Express webhook endpoint

app.post("/api/checkout/webhook", async (req, res) => {
  const event = req.body;

  if (event.event === "payment.updated") {
    await updateOrderByReference(event.data.reference_id, event.data.status);
  }

  res.status(200).json({ received: true });
});

Security Tip: Always verify webhook signatures to ensure the request comes from SaligPay and hasn't been tampered with.

Verify HMAC signature

To ensure webhook security, verify the signature:

Verify HMAC signature

import crypto from "node:crypto";

function verifySignature(rawBody: string, signature: string, secret: string) {
  const expected = crypto.createHmac("sha256", secret).update(rawBody).digest("hex");
  return crypto.timingSafeEqual(Buffer.from(expected), Buffer.from(signature));
}

Previous: Displaying Checkout

Next: Verifying Payments

4Handling Webhooks

Webhook Payload Structure

Webhook Handler Implementation

Verify HMAC signature

4
Handling Webhooks