Skip to content


Currently, PayС supports 2 version of callbacks. This document only describes the newer version. All organisations created after 12-01-2018 by default use the new version of callbacks. PayС sign data using organization secret keys. They can be obtained in organization settings. All callbacks are signed live or test secret key according to the mode in which operation has been created.


All webhooks are sent in JSON-API format. It is the same as in public API.

This an example for payment-request operation callback data:



PayС sends signature in X-Signature header. The signature is created by next algorithm:

$signature = base64_encode(sha1($secret . $webhookData . $secret, true));
Where the $secret is one your secrets: test or live, $webhookData is raw json data.


To be sure you got data from PayСore, you should compute the signature using an appropriate secret key and compare with ones from PayС callback data.