Skip to main content
A callback is an automatic notification sent by CryptoProcessing to your system about status changes for deposits, withdrawals, exchange transactions, and invoices.

Processing callbacks

Set up an HTTPS webhook endpoint where CryptoProcessing can send callbacks. Your webhook URL must use HTTPS, use a domain name, and be considered safe by VirusTotal and similar scanners. After you create the endpoint, register it in CryptoProcessing. In your merchant settings, open the Callbacks tab and enter your endpoint address in the Callback URL field. When CryptoProcessing sends a callback to your endpoint, your system should:
1

Validate the callback

Generate an HMAC-SHA512 signature for the callback request body using your secret key, then compare it with the value in the X-Processing-Signature header.
2

Process the event

Check whether the callback is a duplicate by verifying that its transaction ID has not already been processed. If it has not, process the event, for example by updating the customer’s balance in your system.
3

Return HTTP 200 OK

No response body is required.
For additional security, you can whitelist the CryptoProcessing IP addresses used for callback delivery. Contact support for the current list of IP addresses.

Retry schedule

If your system does not respond with HTTP 200 OK to a callback, CryptoProcessing keeps the callback in the sending queue and retries delivery 12 times after the initial attempt. Each retry is scheduled relative to the previous attempt: +1 minute, then +5, +15, +30, +60, +90, +120, +180, +240, +240, +240, +240 minutes. The retry schedule is not configurable.
Last modified on April 28, 2026