> For the complete documentation index, see [llms.txt](https://docs.cryptoix.io/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.cryptoix.io/developers/webhook.md). # Webhook This guide explains how to use API keys and set up webhooks in your Cryptoix merchant dashboard. These tools help you integrate Cryptoix with your own systems or those built by your developers. ## What are API Keys? API keys are like secret passwords that allow your applications to securely communicate with your Cryptoix account. When you use an API key, you're essentially telling Cryptoix, "This application is authorized to perform certain actions on my behalf." Think of it like giving a trusted employee a specific keycard that only opens certain doors in your business. You wouldn't give them a master key to everything, and you certainly wouldn't leave that keycard lying around for anyone to find. ## When Should You Create an API Key? You'll typically need an API key if: * You're hiring a developer to build a custom integration for your business. * You're using a third-party service that needs to connect directly to your Cryptoix account. * You're using a plugin or extension that requires advanced configuration to communicate with your Cryptoix gateway. **Important:** You generally don't need API keys for basic Cryptoix usage, like creating invoices or checking transaction statuses directly within your Cryptoix dashboard. ## API Key Permissions (Scopes) When you create an API key, you can choose what actions it's allowed to perform. These are called "permissions" or "scopes." This is a crucial security feature. For example, you might create one API key that can *only* read transaction data, and another that can *only* create refunds. This way, if one key is compromised, the damage is limited to the actions that key could perform. **For developers:** Your developer will tell you which specific permissions they need for their integration. They can find detailed information on the required scopes in the developer documentation at `developers/authentication.md`. ## Keeping Your API Keys Secure **This is extremely important.** Treat your API keys like you would your bank account password. * **NEVER share your API keys publicly.** This includes posting them on forums, in public code repositories (like GitHub), or anywhere else others can see them. * **NEVER embed API keys directly in browser-side code** (like JavaScript files loaded by your website). Anyone can view this code and steal your keys. * **NEVER include API keys in URLs or query strings.** They can be logged in browser history, server logs, or be visible in network traffic. * **Store API keys securely** on your server or in a secure configuration system. * **Use the principle of least privilege:** Only grant the permissions an API key absolutely needs. * **Rotate or revoke keys** if you suspect they have been compromised or when an integration is no longer needed. When making API requests, use supported headers such as `X-API-Key` or Bearer authentication. Your developer can find more details in the documentation. ## What are Webhooks? Webhooks are automated messages sent from Cryptoix to your own server when specific events happen. Instead of you constantly asking Cryptoix, "Did this payment complete yet?", Cryptoix will proactively tell you, "Yes, this payment just completed!" Think of it like a notification system. When a package is delivered to your home, the delivery service doesn't expect you to keep checking your front door. They send you a notification (an email, an SMS) to let you know it has arrived. Webhooks are similar for your business systems. ## Creating a Webhook Endpoint To receive webhook messages, you need to set up a specific URL on your server that Cryptoix can send data to. This is called a "webhook endpoint" or "callback URL." 1. Open the **Webhooks** area within your merchant dashboard settings. 2. Initiate the process to add a new webhook endpoint. 3. Provide the full URL on your server where Cryptoix should send notifications. For example: `https://your-website.com/cryptoix-webhook-handler`. 4. Select the event types you want to be notified about. These include various notifications related to payments, invoices, refunds, payouts, or transactions. 5. Save your configuration to activate your webhook endpoint. **For developers:** Your developer will be responsible for creating the code on your server that receives and processes these webhook messages. They can find detailed implementation instructions, including exact event names and payload structures, in the developer documentation at `developers/webhooks.md`. ## Viewing Webhook Delivery History Cryptoix keeps a log of all the webhook messages it has sent. This is incredibly useful for troubleshooting. 1. Navigate to the **Webhooks** area in your Cryptoix dashboard settings. 2. You'll see a list of your configured webhook endpoints. For each endpoint, you can view its delivery history. 3. The history will show you if a message was sent successfully, if there was an error, and the timestamp of the attempt. 4. If a webhook failed to deliver (e.g., your server was temporarily down), you can often select that event and choose to **replay** it. This will ask Cryptoix to try sending the notification again. This history helps you and your developer quickly identify why an integration might not be working as expected. ## Rotating or Revoking Credentials **API Keys:** If you need to change an API key or disable it entirely: 1. Access the **API Keys** section within your merchant dashboard settings. 2. Locate the API key you wish to manage. 3. You will typically have options to **revoke** (delete) the key completely. If you need a new key, the recommended process is to create a new API key with the necessary permissions, update your integration to use the new key, and then revoke the old key. **Webhooks:** If you no longer need a webhook notification or want to update the URL: 1. Navigate to the **Webhooks** area in your Cryptoix dashboard settings. 2. Find the webhook endpoint you wish to manage. 3. You can **edit** the URL or the selected events, or **delete** the entire endpoint. Regularly reviewing and managing your API keys and webhooks is a good security practice. --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter: ``` GET https://docs.cryptoix.io/developers/webhook.md?ask=&goal= ``` `ask` is the immediate question: it should be specific, self-contained, and written in natural language. `goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.