What is a webhook?

With a webhook, messages and notifications are delivered to your application instantly. Start by providing a webhook URL for your app, subscribe to topics and validate the webhook. You can do this by editing your application and clicking on the webhook tab. This tab also lists the topics your webhook can subscribe to.

To make webhook notifications work, your app will need Read notifications permissions.


To authenticate webhook requests and check that a request really comes from the Cryptohopper Platform, use the X-Hub-Signature header of the request. The X-Hub-Signature is an HMAC-SHA512 hash of the payload, keyed with the app secret.

Webhook format

The webhook posts payloads in the following format:

    {
        "app_id": 123,
        "type": "messages",
        "messages": [
            {
                "type": "trade_completed",
                "title": "Hop completed for BTC",
                "message": "Your order has been successfully filled.",
                "data": {"coin":"BTC", ... }
            }
        ]
    }


The webhook needs to be validated when you save it. To pass validation, the webhook must return a 200 HTTP status code and output the same validation code as entered in the webhook form.

The JSON validation message looks as follows. Make sure to output the same validation code as entered in the webhook form.

    {
        "app_id": 123,
        "type": "validate",
        "messages": []
    }

PHP Example


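    <?php
    $app_secret = 'ENTER_YOUR_APP_SECRET';
    $verification_code = 'MY_VERIFICATION_CODE';

    // Read the raw body: the signature is computed over these exact bytes
    $requestBody = file_get_contents('php://input');
    $headers = getallheaders();
    $headers = array_change_key_case($headers, CASE_UPPER);
    $json = json_decode($requestBody, true);

    // HMAC-SHA512 of the payload, keyed with the app secret
    $signature = hash_hmac('sha512', $requestBody, $app_secret);
    // A missing header becomes an empty string and fails the check below
    $received = $headers['X-HUB-SIGNATURE'] ?? '';

    // hash_equals() compares in constant time and avoids loose == type juggling
    if (hash_equals($signature, $received)) {
        // valid webhook request
        $type = is_array($json) ? ($json['type'] ?? null) : null;
        if ($type === 'validate') {
            // validate webhook
            echo $verification_code;
        } elseif ($type === 'messages') {
            // receive messages: formatted dump, ready for logging or processing
            $messages = print_r($json['messages'] ?? [], true);
        } else {
            // unknown type
            echo 'Unknown webhook message type.';
        }
    } else {
        // invalid signature
        http_response_code(403);
        echo 'Invalid signature.';
    }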
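
The same check as a framework-independent Python handler, showing why the signature must be verified over the raw request bytes before any parsing. This is an added example, not Cryptohopper code; `APP_SECRET`, `VERIFICATION_CODE`, `sign` and `handle_webhook` are hypothetical names with constructed values, and the 403/400 status codes are this example's choice.

```python
import hashlib
import hmac
import json

# Constructed sample values; the real ones come from your app settings.
APP_SECRET = b"example-app-secret"
VERIFICATION_CODE = "example-verification-code"


def sign(raw_body: bytes, secret: bytes) -> str:
    """Hex HMAC-SHA512 of the raw body, as PHP's hash_hmac('sha512', ...) returns."""
    return hmac.new(secret, raw_body, hashlib.sha512).hexdigest()


def handle_webhook(raw_body: bytes, headers: dict) -> tuple:
    """Return (http_status, response_body) for one webhook request."""
    # HTTP header names are case-insensitive, so normalise before the lookup.
    lowered = {name.lower(): value for name, value in headers.items()}
    received = lowered.get("x-hub-signature", "")
    expected = sign(raw_body, APP_SECRET)
    # Constant-time comparison; a missing header is just a failed match.
    if not hmac.compare_digest(expected.encode(), received.encode()):
        return 403, "Invalid signature."
    # Parse only after authentication. Never re-serialise the JSON and sign
    # that: whitespace or key order changes produce a different HMAC.
    try:
        payload = json.loads(raw_body)
    except ValueError:
        return 400, "Malformed JSON."
    if not isinstance(payload, dict):
        return 400, "Malformed JSON."
    kind = payload.get("type")
    if kind == "validate":
        return 200, VERIFICATION_CODE
    if kind == "messages":
        titles = [str(m.get("title")) for m in payload.get("messages", [])
                  if isinstance(m, dict)]
        return 200, "Received: " + ", ".join(titles)
    return 400, "Unknown webhook message type."


if __name__ == "__main__":
    body = b'{"app_id": 123, "type": "validate", "messages": []}'
    print(handle_webhook(body, {"X-Hub-Signature": sign(body, APP_SECRET)}))
    print(handle_webhook(body.replace(b" ", b""), {"X-Hub-Signature": sign(body, APP_SECRET)}))
```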