On this page you'll find all the information you need to set up a webhook.
Our API sends real-time notifications (webhooks) when the status of a transaction changes.
There's a table below that will help you understand the params we send to your URL.
Important:
• The webhook always waits for an HTTP 200 response to consider the communication successful.
• If the communication fails, the retry policy is as follows:
  • Every 5 minutes, up to 3 attempts.
  • If still unsuccessful, retries occur hourly for 24 hours.
Params | Description |
---|---|
endpoint | URL where the notification should be sent. |
method | HTTP method used for the request (POST). |
status | Defines which transaction statuses are communicated. Possible values: PAID, REFUND, ERROR, CANCEL, EXPIRED. |
encrypt | Determines whether the request body should be encrypted (true/false). |
Here's an endpoint example (Prestashop) below:
https://nome-da-loja.com/modules/eupagogateway/callback/callback.php
List of callbacks:
https://customer.support.eupago.com/servicedesk/customer/portal/5/article/1061289985
Data Format:
For POST requests: data is sent in the JSON request body.
Params | Type | Description |
---|---|---|
transactions | Object | Contains transaction information. |
channel | Object | Contains information about the channel associated with the transaction. |
data | String | Contains encrypted information (when encrypt=true). |
Note: When encrypt=true, the data field contains encrypted text, which when decrypted returns the full JSON structure of the transaction and channel.
Transaction Object Structure (transactions)
Params | Type | Description |
---|---|---|
entity | Integer | Transaction entity. |
reference | Integer | Transaction reference number. |
identifier | String | Identifier assigned by the integrator when creating the transaction. |
method | String | Payment method: Multibanco, Mbway, CreditCard, Pix, GooglePay, ApplePay |
amount | Object | Object containing the transaction amount and currency. |
fees | Object | Object containing the fees amount and currency. |
date | Datetime | Transaction date and time (UTC). |
trid | Integer | Transaction ID. |
status | String | Transaction status: Paid, Refund, Error, Cancel, Expired |
Channel Object Structure (channel)
Params | Type | Description |
---|---|---|
name | String | Name of the channel associated with the transaction. |
Decryption (AES-256-CBC)
When encryption is enabled:
• The request body is encrypted using AES-256-CBC (symmetric encryption).
• To decrypt, you need:
1. Base64-encoded text in the data field.
2. Initialization Vector (IV) sent in the request headers as X-Initialization-Vector.
3. The previously generated encryption key.
Example PHP code for decryption is available in EuPago documentation.
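```php
// Decrypts the Base64-encoded `data` field with AES-256-CBC.
// $iv is the Base64 value of the X-Initialization-Vector header.
// Returns the plaintext JSON string, or false on failure.
function decrypt($encryptedData, $key, $iv) {
    $cipher = "aes-256-cbc";
    $options = OPENSSL_RAW_DATA;
    $decryptedData = openssl_decrypt(base64_decode($encryptedData), $cipher, $key, $options, base64_decode($iv));
    return $decryptedData;
}
```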
Authenticity and Integrity
• The request headers include X-Signature with an HMAC SHA-256 signature.
• This ensures that the data has not been tampered with during transmission.
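```php
// Recomputes the HMAC SHA-256 of $data and compares it, in constant time,
// with the Base64-decoded X-Signature header value.
function verifySignature($data, $signature, $key) {
    $generatedSignature = hash_hmac('sha256', $data, $key, true);
    return hash_equals($generatedSignature, base64_decode($signature));
}
```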
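The signature check and the decryption step combined into one receiver routine, as an added example that is not EuPago's code: it verifies X-Signature before decrypting and maps each outcome to an HTTP status. It assumes the signature covers the Base64 data string and that one key serves both HMAC and AES; handleWebhook, the 400/401 codes, and the sample key and payload are constructed for illustration.

```php
<?php
// Added example, not EuPago's code. Assumptions: X-Signature is the Base64 HMAC SHA-256
// of the Base64 `data` string, and the same key is used for HMAC and AES-256-CBC.

/** Returns [httpStatus, decodedPayload|null] for one webhook delivery. */
function handleWebhook(string $rawBody, array $headers, string $key): array
{
    $body = json_decode($rawBody, true);
    $sig  = base64_decode($headers['X-Signature'] ?? '', true);
    $iv   = base64_decode($headers['X-Initialization-Vector'] ?? '', true);
    if (!is_array($body) || !is_string($body['data'] ?? null)
        || $sig === false || $iv === false || strlen($iv) !== 16) {
        return [400, null]; // malformed body or headers
    }
    // Authenticate the ciphertext first; unauthenticated input is never decrypted.
    $expected = hash_hmac('sha256', $body['data'], $key, true);
    if (!hash_equals($expected, $sig)) {
        return [401, null];
    }
    $cipherText = base64_decode($body['data'], true);
    $plain = $cipherText === false
        ? false
        : openssl_decrypt($cipherText, 'aes-256-cbc', $key, OPENSSL_RAW_DATA, $iv);
    $payload = $plain === false ? null : json_decode($plain, true);
    if (!is_array($payload) || !isset($payload['transactions'], $payload['channel'])) {
        return [400, null]; // decrypted text is not the documented structure
    }
    return [200, $payload]; // only a 200 response stops the sender's retries
}

// Constructed delivery: key, IV and payload are made up for this example.
$key  = str_repeat('k', 32);
$iv   = random_bytes(16);
$json = json_encode([
    'transactions' => ['identifier' => 'order-1001', 'status' => 'Paid', 'trid' => 1],
    'channel'      => ['name' => 'demo-channel'],
]);
$data = base64_encode(openssl_encrypt($json, 'aes-256-cbc', $key, OPENSSL_RAW_DATA, $iv));
$headers = [
    'X-Initialization-Vector' => base64_encode($iv),
    'X-Signature'             => base64_encode(hash_hmac('sha256', $data, $key, true)),
];
[$status, $payload] = handleWebhook(json_encode(['data' => $data]), $headers, $key);
echo $status, ' ', $payload['transactions']['status'], PHP_EOL;

// Change one ciphertext character: the HMAC check rejects it before decryption runs.
$tampered = json_encode(['data' => substr_replace($data, $data[0] === 'A' ? 'B' : 'A', 0, 1)]);
echo handleWebhook($tampered, $headers, $key)[0], PHP_EOL;
```

In a real endpoint the raw body comes from `file_get_contents('php://input')` and the returned status is sent with `http_response_code()`. Because failed deliveries are retried, the handler should treat a repeated trid as already processed.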
Check our guide in case you need help around our backoffice.
Should you need more support with this configuration, let us know by sending an email ([email protected]) or filling in this support form.