Why this page matters Webhooks are the main signal that keeps your app in sync with RampHub. If you get this right, the rest of the trade lifecycle is much easier to trust.
Headers
| Header | Description |
|---|---|
x-ramphub-signature | HMAC-SHA256 signature of the raw request body. |
x-ramphub-event | Lifecycle event name for the delivery. |
x-ramphub-delivery | Unique delivery id for idempotency and retries. |
Signing secret
When you register a webhook endpoint in the business dashboard, RampHub generates a signing secret for that endpoint. Treat that secret as a server-side credential for the system that receives the webhook.- Store the secret in the receiver’s environment or secret manager.
- Never put it in a browser bundle or public config file.
- Copy it when the dashboard reveals it and keep it on the receiving server only.
- Verify
x-ramphub-signatureagainst the raw request body before you trust the payload. - Keep using
monitor-statusas the fallback path when a webhook is delayed or missing. - If you rotate the endpoint secret, update the receiving server immediately.
Events
| Event | Description |
|---|---|
transaction.created | Transaction record created and provider instructions are available. |
transaction.updated | Non-terminal lifecycle update from the provider or settlement flow. Dashboard labels this using the current stage, such as Order placed, Awaiting settlement, Forwarded to provider, Awaiting customer payment, Invoice created, Settling with provider, Marked completed, or Marked failed. |
transaction.completed | Transaction is completed in RampHub. |
transaction.failed | Transaction moved to a failed terminal state. |
Common stage labels
These are the most common labels you will see in the dashboard when a delivery arrives astransaction.updated:
Order placedAwaiting settlementForwarded to providerAwaiting provider funding confirmationAwaiting customer paymentInvoice createdSettling with providerReady for settlementAwaiting user payoutMarked completedMarked failed