Webhooks are linked to your MoonPay Commerce account and are authenticated using a
sharedToken — included as both a Bearer token in the Authorization header and as the key for the HMAC signature in the X-Signature header. You can generate your API key in the dashboard. Webhooks are supported for Pay Links on Solana, Ethereum, Base, Polygon, and BTC, as well as Subscriptions on Solana.Webhook Request Headers
Every webhook delivery includes the following HTTP headers:For a step-by-step guide on verifying the
X-Signature header with code examples in Node.js and Python, see Verifying Webhook Signatures in the Webhooks guide.Pay Link Webhook Payload Example
Our webhooks include detailed information about the transaction and Pay Link — for regular Pay Links there is theCREATED event, and for subscriptions there are the STARTED, RENEWED, and ENDED events.
JSON
Deposit Webhooks
Deposit webhooks cover three categories: transaction events (per deposit), below-minimum alerts (per deposit wallet), and quota alerts (per company).Transaction Events
We emit three webhook events when deposit transactions progress:DEPOSIT_TX_SUBMITTED- when the transaction is broadcast to the network, via swaps.xyz when a bridge or swap is involved.DEPOSIT_TX_CONFIRMED- when the transaction is confirmed on the blockchain.DEPOSIT_TX_ENRICHED- when the transaction is enriched with additional data.
Below-Minimum Deposit Alerts
TheDEPOSIT_BELOW_MINIMUM is sent when funds have been received in a deposit wallet but the balance has not yet reached the minimum amount required for settlement.
Use this event to notify users that additional funds are needed before their deposit can be processed.
When it fires
The event is triggered when:- A deposit wallet receives additional funds.
- The wallet balance is above the dust threshold.
- The balance remains below the minimum amount required for settlement.
Setup
Below-minimum alerts are delivered through the standard Deposit Webhook endpoint.
- Create a deposit webhook using
POST /v1/webhook/deposit/api-key(see Create a Deposit Webhook). - Both deposit-scoped webhooks (with a
depositId) and global webhooks (without adepositId) receiveDEPOSIT_BELOW_MINIMUMwhen subscribed. - New deposit webhooks default to
events: ["ALL"], which includesDEPOSIT_BELOW_MINIMUM. You can subscribe only toDEPOSIT_BELOW_MINIMUMif you prefer. - Authenticate deliveries with
Authorizationand verifyX-Signaturelike other deposit webhooks.
Below-Minimum Payload Example
JSON
Deposit-Customer Quota alerts
Company-level alerts fire when your account approaches its daily deposit-customer creation limit. These are separate fromDEPOSIT_TX_* events: they track how many deposit customers you create per UTC day, not individual deposit transactions.
Setup
Quota alerts are delivered through the standard Deposit Webhook endpoint.
- Create a global deposit webhook using
POST /v1/webhook/deposit/api-keywithout adepositId - Deposit-scoped webhooks (with a
depositId) do not receive quota events. - New deposit webhooks are subscribed to all deposit events (
ALL) by default, which includes quota alerts. If you already have a global deposit webhook, you will receive quota events without further configuration.
Behaviour
- Alerts are triggered as deposit customers are created throughout the day
- Each alert type is sent once per UTC day
- Daily limits reset at midnight UTC
- Once the limit is reached, further create requests return
429until reset
Quota Alert Payload Example
Theevent field is one of DEPOSIT_CUSTOMER_QUOTA_WARNING, DEPOSIT_CUSTOMER_QUOTA_CRITICAL, or DEPOSIT_CUSTOMER_QUOTA_REACHED.
JSON
Deposit Transaction Events & Payloads
These webhook events represent different stages in a deposit transaction lifecycle. The payloads below show the data available at submission, confirmation, and enrichment.DEPOSIT_TX_SUBMITTED- Initial deposit received and processing started.DEPOSIT_TX_CONFIRMED- Deposit has been confirmed and settled.DEPOSIT_TX_ENRICHED- Includes enriched on-chain transaction details for deposit reconciliation, confirmation tracking, and transaction history.
Authenticating Webhooks with Bearer Token
A unique token generated at webhook creation is included with each webhook request as an Authorization: Bearer SHARED_TOKEN header, verifying that the webhook is sent from us.JSON
Retrieving Geolocation from the Webhook Payload
ThesubmitGeolocation field in the webhook payload provides the ISO 3166-1 alpha-2 country code representing the location of the IP address that initiated the transaction. This field is useful for understanding the geographic source of transactions. See the code example below, taken from the webhook payload
JSON
JSON
