Documentation Index Fetch the complete documentation index at: https://docs.yativo.com/llms.txt
Use this file to discover all available pages before exploring further.
Yativo Crypto fires webhook events for every significant state change across wallets, transactions, cards, IBAN accounts, and system events. Configure webhooks once and your server stays in sync without polling.
For webhook management (creating, updating, deleting webhook endpoints), see the Webhook Management docs. This page covers the crypto-specific event types and their payloads.
interface Webhook { webhook_id : string ; url : string ; events : string []; // ["*"] for all events secret : string ; // only returned at create time or GET single enabled : boolean ; description ?: string ; last_success_at ?: string ; last_failure_at ?: string ; consecutive_failures : number ; created_at : string ; updated_at : string ; } interface CreateWebhookRequest { url : string ; // required — must be HTTPS events ?: string []; // default ["*"] — all events description ?: string ; } type WebhookEventType = // Deposits | "deposit.detected" | "deposit.confirmed" // Transactions | "transaction.initiated" | "transaction.submitted" | "transaction.failed" // IBAN | "iban.activated" | "iban.transfer.received" // KYC | "kyc.submitted" | "kyc.approved" | "kyc.rejected" | "kyc.pending_review" // Card lifecycle | "card.created" | "card.activated" | "card.frozen" | "card.unfrozen" | "card.voided" | "card.lost" | "card.stolen" | "card.cancelled" | "card.deactivated" // Card transactions | "transaction.authorized" | "transaction.declined" | "transaction.settled" | "transaction.reversed" | "transaction.refund.created" // Customer & master wallet funding | "customer.funded" | "customer.funding.failed" | "customer.balance.updated" | "master_wallet.deposit" | "master_wallet.swap" | "master_wallet.customer_funded" ;
Crypto Event Types Deposit Events Event Fired When deposit.detectedAn inbound transaction is detected on-chain (unconfirmed) deposit.confirmedAn inbound transaction has reached sufficient block confirmations
Transaction Events Event Fired When transaction.initiatedAn outbound transaction has been created and queued transaction.submittedA transaction has been broadcast to the blockchain transaction.failedA transaction failed for any reason transaction.{type}.completedA transaction of the given type completed (e.g. transaction.withdrawal.completed)
Card Events Event Fired When card.createdA new card has been issued card.activatedA card has been activated and is ready to use card.frozenA card has been temporarily frozen card.unfrozenA frozen card has been re-enabled card.voidedA card has been voided card.lostA card has been marked as lost card.stolenA card has been reported stolen card.cancelledA card has been cancelled card.deactivatedA card has been permanently deactivated transaction.authorizedA card transaction has been authorized transaction.declinedA card transaction was declined transaction.settledA card transaction has settled transaction.reversedA card transaction has been reversed transaction.refund.createdA refund has been initiated for a card transaction customer.fundedA card customer’s balance has been topped up customer.funding.failedA funding transfer to a customer’s card wallet failed customer.balance.updatedA card customer’s balance has changed master_wallet.depositA deposit arrived in the card program master wallet master_wallet.swapA swap executed in the card program master wallet master_wallet.customer_fundedMaster wallet funds allocated to a customer
IBAN Events Event Fired When iban.activatedAn IBAN account has been activated and is ready to receive funds iban.transfer.receivedA SEPA transfer has been received into the IBAN account
KYC Events Event Fired When kyc.submittedA KYC submission has been received kyc.approvedA KYC check has been approved kyc.rejectedA KYC check has been rejected kyc.pending_reviewA KYC submission is awaiting manual review
Webhook Payload Examples All payloads share the same envelope structure:
{ "id" : "evt_01abc123" , "type" : "<event_type>" , "created_at" : "2026-03-26T10:05:00Z" , "data" : { ... } }
deposit.confirmed { "id" : "evt_01abc123" , "type" : "deposit.confirmed" , "created_at" : "2026-03-26T10:05:00Z" , "data" : { "asset_id" : "asset_01xyz789" , "account_id" : "acc_01abc123" , "chain" : "solana" , "ticker" : "USDC_SOL" , "amount" : "250.00" , "from_address" : "9WzDXwBbmkg8ZTbNMqUxvQRAyrZzDsGYdLVL9zYtAWWM" , "to_address" : "7xKXtg2CW87d97TXJSDpbD5jBkheTqA83TZRuJosgAsU" , "tx_hash" : "5KtP3jNHGXi8YmD2L9sRZVAoWqFcBe4TrKlUvJpMxNy" , "confirmations" : 1 , "new_balance" : "750.00" } }
transaction.failed { "id" : "evt_03ghi789" , "type" : "transaction.failed" , "created_at" : "2026-03-26T10:10:00Z" , "data" : { "transaction_id" : "txn_02stu789" , "chain" : "ethereum" , "ticker" : "USDC" , "amount" : "1000.00" , "error_code" : "insufficient_balance" , "error_message" : "Wallet balance (400.00 USDC) is less than requested amount (1000.00 USDC)" } }
transaction.settled { "id" : "evt_05mno345" , "type" : "transaction.settled" , "created_at" : "2026-03-26T11:00:00Z" , "data" : { "card_id" : "card_01abc" , "transaction_id" : "card_txn_01xyz" , "merchant_name" : "Amazon" , "merchant_category" : "Shopping" , "amount" : "49.99" , "currency" : "USD" , "status" : "settled" , "new_balance" : "450.01" } }
iban.transfer.received { "id" : "evt_06pqr678" , "type" : "iban.transfer.received" , "created_at" : "2026-03-26T12:00:00Z" , "data" : { "iban_id" : "iban_01abc" , "iban_number" : "DE89370400440532013000" , "amount" : "1000.00" , "currency" : "EUR" , "sender_name" : "John Smith" , "sender_iban" : "GB29NWBK60161331926819" , "reference" : "Invoice #INV-2026-042" , "received_at" : "2026-03-26T12:00:00Z" } }
gas.low { "id" : "evt_07stu901" , "type" : "gas.low" , "created_at" : "2026-03-26T11:00:00Z" , "data" : { "station_id" : "station_01abc123" , "chain" : "ethereum" , "ticker" : "ETH" , "balance" : "0.08" , "balance_usd" : "200.00" , "threshold" : "0.10" } }
Signature Verification Every webhook delivery is signed with a timestamp to prevent replay attacks. Two headers are sent:
Header Value X-Yativo-Signaturesha256=<hmac>X-Yativo-TimestampUnix timestamp (seconds)
The HMAC is computed over "${timestamp}.${JSON.stringify(payload)}":
import crypto from 'crypto' ; function verifyWebhookSignature ( payload : object , signature : string , // value of X-Yativo-Signature header timestamp : string , // value of X-Yativo-Timestamp header secret : string // your webhook secret (starts with whsec_) ) : boolean { // Reject if timestamp is more than 5 minutes old const ts = parseInt ( timestamp , 10 ); if ( Math . abs ( Date . now () / 1000 - ts ) > 300 ) return false ; const signedPayload = ` ${ timestamp } . ${ JSON . stringify ( payload ) } ` ; const expected = 'sha256=' + crypto . createHmac ( 'sha256' , secret ) . update ( signedPayload ) . digest ( 'hex' ); return crypto . timingSafeEqual ( Buffer . from ( signature ), Buffer . from ( expected ) ); }
See the Webhook Integration guide for Python and PHP examples.
Setting Up Webhooks All events — deposits, swaps, card lifecycle, card transactions, customer funding — are delivered through a single webhook service. Register once at POST /v1/webhook/create-webhook and subscribe to any combination of event types.
The HTTPS endpoint to receive events.
Event slugs to subscribe to. Pass ["*"] (or omit) to receive all events.
Optional label for this subscription.
curl -X POST https://crypto-api.yativo.com/api/v1/webhook/create-webhook \ -H "Authorization: Bearer YOUR_ACCESS_TOKEN" \ -H "Content-Type: application/json" \ -d '{ "url": "https://your-server.com/webhooks/yativo", "events": ["deposit.confirmed", "transaction.authorized", "transaction.settled", "card.created"], "description": "Production webhook" }'
{ "status" : true , "message" : "Webhook created successfully" , "data" : { "webhook_id" : "664abc123def456789000001" , "url" : "https://your-server.com/webhooks/yativo" , "events" : [ "deposit.confirmed" , "transaction.authorized" , "transaction.settled" , "card.created" ], "secret" : "whsec_abc123def456..." , "created_at" : "2026-03-26T10:00:00.000Z" } }
Store the secret securely. It is also retrievable later via GET /v1/yativo-card/webhooks/:webhookId. Use it to verify X-Yativo-Signature on every delivery.
List card webhooks GET /yativo-card/webhookscurl -X GET https://crypto-api.yativo.com/api/v1/yativo-card/webhooks \ -H "Authorization: Bearer YOUR_ACCESS_TOKEN"
Get a card webhook (includes secret) GET /yativo-card/webhooks/:webhookIdcurl -X GET https://crypto-api.yativo.com/api/v1/yativo-card/webhooks/664abc123def456789000001 \ -H "Authorization: Bearer YOUR_ACCESS_TOKEN"
Update a card webhook PUT /yativo-card/webhooks/:webhookIdcurl -X PUT https://crypto-api.yativo.com/api/v1/yativo-card/webhooks/664abc123def456789000001 \ -H "Authorization: Bearer YOUR_ACCESS_TOKEN" \ -H "Content-Type: application/json" \ -d '{ "events": ["*"], "enabled": true }'
Set "enabled": false to pause delivery without deleting the subscription.
Delete a card webhook DELETE /yativo-card/webhooks/:webhookIdcurl -X DELETE https://crypto-api.yativo.com/api/v1/yativo-card/webhooks/664abc123def456789000001 \ -H "Authorization: Bearer YOUR_ACCESS_TOKEN"
Rotate the signing secret POST /yativo-card/webhooks/:webhookId/rotate-secretGenerates a new secret and invalidates the old one immediately.
curl -X POST https://crypto-api.yativo.com/api/v1/yativo-card/webhooks/664abc123def456789000001/rotate-secret \ -H "Authorization: Bearer YOUR_ACCESS_TOKEN"
Delivery history GET /yativo-card/webhooks/:webhookId/deliveriesQuery params: limit, offset, status, eventType
curl -X GET 'https://crypto-api.yativo.com/api/v1/yativo-card/webhooks/664abc123def456789000001/deliveries?limit=20&status=failed' \ -H "Authorization: Bearer YOUR_ACCESS_TOKEN"
GET /yativo-card/webhooks/deliveries/all — All deliveries across all subscriptions.Retry a failed delivery POST /yativo-card/webhooks/deliveries/:deliveryId/retrycurl -X POST https://crypto-api.yativo.com/api/v1/yativo-card/webhooks/deliveries/664abc000000000000000099/retry \ -H "Authorization: Bearer YOUR_ACCESS_TOKEN"
