VULT Webhook

curl -X POST "https://olive-gateway-a6ba.onrender.com/webhooks/vult/cashin" \
  -H "Content-Type: application/json" \
  -H "X-VULT-Signature: sha256=abc123..." \
  -H "X-VULT-Timestamp: 1704067200" \
  -d '{
    "reference": "VULT-123456",
    "phone": "+23279123456",
    "amount": 50000,
    "currency": "SLE"
  }'

{
  "success": true,
  "transaction_id": "txn_vult_123",
  "message": "Cash-in processed successfully"
}

POST

webhooks

vult

cashin

curl -X POST "https://olive-gateway-a6ba.onrender.com/webhooks/vult/cashin" \
  -H "Content-Type: application/json" \
  -H "X-VULT-Signature: sha256=abc123..." \
  -H "X-VULT-Timestamp: 1704067200" \
  -d '{
    "reference": "VULT-123456",
    "phone": "+23279123456",
    "amount": 50000,
    "currency": "SLE"
  }'

{
  "success": true,
  "transaction_id": "txn_vult_123",
  "message": "Cash-in processed successfully"
}

Receive cash-in notifications from VULT processor. This webhook is called when a user deposits funds via VULT.

Request

X-VULT-Signature

string

required

HMAC-SHA256 signature of the request body

X-VULT-Timestamp

string

required

Request timestamp for replay attack prevention

Body Parameters

reference

string

required

VULT transaction reference

phone

string

required

User phone number (E.164 format)

amount

integer

required

Amount in minor units (e.g., cents)

currency

string

required

Currency code (e.g., SLE)

Response

success

boolean

Whether the cash-in was processed successfully

transaction_id

string

OLIVE transaction ID for the deposit

Examples

curl -X POST "https://olive-gateway-a6ba.onrender.com/webhooks/vult/cashin" \
  -H "Content-Type: application/json" \
  -H "X-VULT-Signature: sha256=abc123..." \
  -H "X-VULT-Timestamp: 1704067200" \
  -d '{
    "reference": "VULT-123456",
    "phone": "+23279123456",
    "amount": 50000,
    "currency": "SLE"
  }'

{
  "success": true,
  "transaction_id": "txn_vult_123",
  "message": "Cash-in processed successfully"
}

Signature Verification

Always verify the X-VULT-Signature header before processing:

const crypto = require('crypto');

function verifySignature(payload, signature, secret) {
  const expected = crypto
    .createHmac('sha256', secret)
    .update(payload)
    .digest('hex');
  return crypto.timingSafeEqual(
    Buffer.from(signature),
    Buffer.from(`sha256=${expected}`)
  );
}

Errors

Status	Code	Description
400	`INVALID_PHONE`	Phone number format invalid
400	`INVALID_AMOUNT`	Amount must be positive
401	`INVALID_SIGNATURE`	Webhook signature invalid
404	`USER_NOT_FOUND`	No user with phone number
409	`DUPLICATE_REFERENCE`	Transaction already processed

Webhooks

WhatsApp Webhook

Overview

Agent-TS

Subscribers

Cards

Wallet

Agents

POS

Compliance

Admin

Webhooks

Fees

PEP Access

Partner API

Processors

Suspicious Transactions

Request

Body Parameters

Response

Examples

Signature Verification

Errors

Overview

Agent-TS

Subscribers

Cards

Wallet

Agents

POS

Compliance

Admin

Webhooks

Fees

PEP Access

Partner API

Processors

Suspicious Transactions

​Request

​Body Parameters

​Response

​Examples

​Signature Verification

​Errors

Request

Body Parameters

Response

Examples

Signature Verification

Errors