Developers

Webhooks

SMTP Wizard uses webhooks to notify your backend when a payment is confirmed and a license is issued.

Payment webhook (Cryptomus)

When a payment is confirmed, Cryptomus posts to:

POST https://buildmysmtp.com/api/cryptomus/webhook

The webhook is verified using an HMAC signature: md5(base64(body) + apiKey). Never trust a webhook without verifying the sign header.

Webhook payload

{
  "status": "paid",
  "order_id": "a1b2c3d4e5f6",
  "amount": "110",
  "currency": "USD",
  "payment_amount": "110.00",
  "uuid": "cryptomus-payment-uuid"
}

Signature verification

# PHP
$sign = md5(base64_encode($rawBody) . $YOUR_API_KEY);
if ($sign !== $_SERVER["HTTP_SIGN"]) {
    http_response_code(400);
    exit("Bad signature");
}

Your webhook URL

The webhook URL is automatically set to https://YOURDOMAIN/api/cryptomus/webhook when you create a payment. No manual configuration needed.

Questions? info@buildmysmtp.com