Skip to main content

What are webhooks?

Webhooks let Rolla notify your server in real time whenever one of your deposits or payouts changes status — so you no longer need to poll the transaction endpoints. When an event occurs, Rolla sends an HTTP POST request to a URL you configure, with a JSON payload describing the transaction. Webhooks cover all supported transaction types and corridors:
  • Fiat deposits and payouts (e.g. NGN, USD, XAF)
  • Stablecoin deposits and payouts (USDC) on Solana
Webhooks are available to businesses using the Rolla external API. Events are sent for your deposits and payouts only.

Setting up an endpoint

Configure webhook endpoints from your Rolla Dashboard under API → Webhooks. For each endpoint you provide:
FieldDescription
URLAn https:// endpoint on your server that will receive events
EventsWhich events to subscribe to (see Events)
Sign requestsOptional. When enabled, a signing secret is generated so you can verify signatures. Leave it off and requests are sent unsigned, with no secret
You can register multiple endpoints (for example, separate URLs per environment), enable or disable each one, and (while signing is on) rotate its signing secret at any time.
A signing secret only exists when Sign requests is enabled. If you create an endpoint with signing off and later turn it on, a secret is generated at that point. While signing is enabled, the secret can be viewed any time from the dashboard (API → Webhooks → ⋯ → Reveal secret), so you don’t need to store it elsewhere. If you suspect it’s compromised, rotate it with Regenerate secret — the old secret stops working immediately.

How delivery works

1

A transaction changes status

One of your deposits or payouts is created, completes, or fails.
2

Rolla builds and signs the event

A JSON payload is assembled with the full transaction details and (optionally) signed with your endpoint’s secret.
3

Rolla POSTs to your URL

Your server receives the event. Respond with a 2xx status code as quickly as possible to acknowledge receipt.
4

Failed deliveries are retried

If your endpoint is unreachable or returns a 5xx/429, Rolla retries with backoff.

Responding to webhooks

Your endpoint should return a 2xx HTTP status code to acknowledge receipt. Anything else is treated as a failed delivery.
Acknowledge first, process later. Return 200 immediately and do any heavy work (database writes, downstream calls) asynchronously, so slow processing doesn’t cause a timeout and unnecessary retries. Rolla considers a request failed if it doesn’t complete within 10 seconds.

Request headers

Every webhook request includes these headers:
HeaderDescription
X-Rolla-EventThe event type, e.g. transaction.completed
X-Rolla-Event-IdStable id for this logical event — use it to deduplicate
X-Rolla-DeliveryUnique id for this specific delivery attempt
X-Rolla-SignatureHMAC signature for verification (only when signing is enabled)
User-AgentRolla-Webhooks/1.0

Next steps

Events

The event types and transaction lifecycle.

Payloads

The payload schema and sample events.

Signature Verification

Verify that events genuinely came from Rolla.

Delivery & Retries

Retry behavior, logs, and replay.