Webhooks

Webhooks allow Zanga to notify your application of asynchronous events, such as a successful mobile money payment or an escrow release.

Configuration

You can configure your Webhook URL in the Platform Details page. Zanga will send a POST request to this URL for every relevant event.

Security (Technical Fortress)

Zanga signs every webhook payload. You MUST verify the signature to ensure the request originated from Zanga and has not been tampered with.

X-Zanga-Signature

Every request includes a X-Zanga-Signature header, which is an HMAC-SHA256 hash of the request body using your platform's Webhook Secret.

const crypto = require('crypto');
const signature = crypto
  .createHmac('sha256', WEBHOOK_SECRET)
  .update(JSON.stringify(req.body))
  .digest('hex');

if (signature !== req.headers['x-zanga-signature']) {
    throw new Error('Forensic Mismatch: Invalid Signature');
}

Retry Policy

If your endpoint does not respond with a 200 OK, Zanga implements a forensic retry schedule:

• 5 retries over 24 hours.
• Exponential backoff.
• Final failure is logged in your Forensic Dashboard.

Supported Events

• payment.success: Triggered when a transaction is successfully settled.
• refund.completed: Triggered when a refund has been processed.
• ledger.update: Triggered when a tenant balance changes.
• payout.failed: Triggered if a bank transfer fails.