Skip to main content
All CollectionsDigital SigningAPI
Postback implementation
Postback implementation
Updated over 2 months ago

The Signhost postback service is meant to provide realtime updates on your transactions. Please refrain from active polling with GET requests to stay up-to-date. If you cannot implement the postback service, or you have any questions regarding the service, please contact support.

The advised way to use our postbacks is by specifying a Postback URL in the web portal.

Advised postback implementation flow

To avoid postback queues for your application, we advise the following flow once a postback arrives at your server:

  1. (If used) Check Postback security header;

  2. Perform checksum validation *:
    - Validate the body is valid JSON, if not move to step 2;
    - Validate the JSON has a Checksum property, if not move to step 2;
    - Validate the Checksum value, if there is a mismatch move to step 2.

  3. Always return a status 2xx OK response*. Skip rest of the steps if the validation failed;

  4. Save verified postback to storage;

  5. Continue business logic.

*This is a security precaution which prevents information on your validation process to return to the - potentially malicious - sender of the postback. Any other response than 2xx will lead to the formation of a postback queue (see below).

What happens if your postback URL is down or can’t accept requests?

If the postback URL does not return a 2xx HTTP response code, more attempts are made to deliver the postback at an increasing time interval. All subsequent postbacks are placed in a postback queue and wait there until the first postback in the queue receives a 2xx HTTP response code.

If a postback is not successfully delivered and is tried again, no other postbacks are sent until the first in the queue succeeds. Once the first postback request is successfully delivered, the queued requests are processed sequentially. If the first postback in the queue cannot be successfully delivered, the entire queue is deleted after 2 days.

Since postback requests can ultimately fail, it’s best to accept and store data on your end (with an HTTP 2xx response to Signhost) for later processing to avoid data loss.

For more information on the checksum please see our documentation.

Our support team is happy to assist you via chat or via support@signhost.com

Did this answer your question?