> ## Documentation Index > Fetch the complete documentation index at: https://docs.chip-in.asia/llms.txt > Use this file to discover all available pages before exploring further. # Retrieve a webhook > Retrieve details of a webhook that was previously created. ## OpenAPI ````yaml _openapi-chip-send GET /webhooks/{id} openapi: 3.1.0 info: description: > This is CHIP Send API which enables you to programatically send funds via REST API. It also enables you to register and validate recipient bank accounts. # Prerequisites You will need the credentials to proceeed with this integration, which your CHIP Send Account to be created by CHIP Admin before hand. Please contact your CHIP Account Manager to get the credentials, by providing the details below: 1. Main email 1. List of approvers (email). If you need 2 approvals, please provide both emails. # Basic integration flow 4 things to test the whole integration flow: 1. Call [Accounts API](#/Accounts) 1. Call [Increase Send Limit API](#/Send%20Limits/send_limits_create) 1. Call [Add Bank Account API](#/Bank%20Accounts/bank_accounts_create) 1. Call [Create Send Instruction API](#/Send%20Instructions/send_instructions_create) # Endpoints Make sure to use the correct endpoint depending on the environment you're on. 1. Staging: [https://staging-api.chip-in.asia/api/](https://staging-api.chip-in.asia/api/) 1. Production: [https://api.chip-in.asia/api/](https://api.chip-in.asia/api/) # Credentials You will need 2 details for integration with CHIP Send: 1. **API Key** (used to construct a signing string and Authorization Header) 1. **API Secret** (used to sign the signing string) *You will need your **API Key** that you can obtain in the CHIP Send Dashboard. Please use this key as a bearer token in the Authorization header included in every request:* `Authorization: Bearer `. *Since this API is meant for performing high risk task such as sending payments, extra security measure has to be in place. Hence, you also need **API Secret** to sign the request that you made. This keys will never leave your server and shall be stored securely. For every request, you will need to include **epoch** that contains Unix time and **checksum** that contains hash for epoch signed with API Secret in every request header.* # Epoch value Epoch is a current unix timestamp where it is in seconds and have 10 character length. Example of epoch value is 1689826456. In PHP, epoch value can be retrieved by calling time() function. # Checksum Calculation To generate a checksum, it requires current unix timestamp (`epoch`), `api_key` and `api_secret`. *Note: epoch time must be less than 30 seconds from the current request and at least greater than current time.* Provided an epoch value is `1689826456`, api_key is `e0645c9e-fcf2-4f29-a327-202f7ed3d969` and api_secret is `a118729e-4243-4145-83b3-0b8cb213fe8e`, both epoch and api_key must be concatenated and sign with HMAC SHA512. The string that must be prepared is: `1689826456e0645c9e-fcf2-4f29-a327-202f7ed3d969` The checksum generated is: `45bee62dba8087ab1e7e767d92f8d6e26f8bd19ee5fd2fef6386bb9425976498a86ffdbddb7a49919998e993c20626196ea652320f438a9528d2b8c9d19ec266` Example Postman Pre-Request Script: ```js var epoch = (new Date).getTime(); var epochSecs = Math.floor( epoch / 1000 ); pm.collectionVariables.set("epoch", epochSecs); var data = epochSecs.toString() + environment["api_key"]; var hmacDigest = CryptoJS.enc.Hex.stringify(CryptoJS.HmacSHA512(data, environment["api_secret"])); pm.collectionVariables.set("checksum", hmacDigest); ``` *Note: JavaScript getTime() is in miliseconds while the unix timestamp is in seconds. Hence, it is required to divide it by 1000.* Example Ruby code: ```ruby epoch = Time.current.to_i application = Application.find_by(slug: "aaa") OpenSSL::HMAC.hexdigest OpenSSL::Digest.new('sha512'), application.api_secret, "#{epoch}#{application.api_key}" ``` Example PHP code: ```php - This is an API to get CHIP Send account information. Depending on your account agreement, you may only have one account. - name: Send Limits description: > Send Limit records incoming (coverted from collection - transaction_type: in) and outgoing (send to recipient - transaction_type: out) transactions in CHIP Send. To be able to send funds to third parties, you must have balance in your CHIP Send Account. Use Increase Chip Send Budget Allocation API to covert settlement (collection) amount to Send Limit. Please note in Staging / UAT environment, your convertible collection amount is set to MYR 1,000.00. In Production, it will reflect your actual upcoming settlement amount. - name: Bank Accounts description: This is an API to manage recipeint bank account details. - name: Send Instructions description: >- This is an API to perform a send instructions. This is the main API that you can benefit from CHIP Send. - name: Groups description: To manage grouping to group company bank account - name: Webhooks description: To manage webhook events for server-to-server notification paths: /webhooks/{id}: get: tags: - Webhooks summary: Retrieve a webhook description: | Retrieve details of a webhook that was previously created. operationId: webhooks_get parameters: - name: epoch in: header description: Unix epoch timestamp required: true schema: allOf: - $ref: '#/components/schemas/UnixTimestamp' - name: checksum in: header description: Refer to checksum calculation required: true schema: type: string - name: id in: path required: true schema: type: integer format: int64 example: 1 responses: '200': description: Successful response content: application/json: schema: $ref: '#/components/schemas/Webhook' example: - id: 1 name: First Webhook public_key: >- -----BEGIN PUBLIC KEY----- MIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEA6gLlBKxCB5dxPJbinCzl hOfKSgQtOWQQBxmnWIkEVUbqhpnqr3xNYiAvDyMUxYUwuzN44eHO+mR9MZWcSx3c bXmKa3gsOzR6GdcOxMGaVxvfje+fujCAlCtO1BP+A9/FS3KcPgCYG1wtAPwA5IAf HylL3TsUVIJQFBgiBr6N4Bgapr9eloaFfeYIBRsXmxPKAMJivqxYpLh0V3N4ZFd5 TGqSEAa4b1ULDr6p0sB2L3QikTdsF0zp03zNceKA6fXDOzD0xWtg9buXvyKwePK4 M2kcnWBNfsWghrdg0fG3O9bmkaS1oEXydrmJfuiI8h6a64J/1nzooi2yLC9D6Ta0 S63bbuAHymnQtiNuV7Ixp6IoTGFaS88aTiHaP8rdyWV8JTDFx0qeDzyaGWiYGwEF mj/buHCEcRhoajbGkPhYA4YEdn4jy1wZhEr2OMdBPM7mPPI0Hy3hcNJVMVVlrpHe IltQATpjlNaJMlRPjbcaiW7dsO3BuF9ZOMGksSOnyYm/AgMBAAE= -----END PUBLIC KEY----- callback_url": https://yourwebsite.com/route email: email@chip-in.asia event_hooks: - bank_account_status - budget_allocation_status - send_instruction_status created_at: 16197408 updated_at: 16197408 '400': $ref: '#/components/responses/BadRequest' '401': $ref: '#/components/responses/Unauthorized' '403': $ref: '#/components/responses/UnauthorizedAction' '404': $ref: '#/components/responses/NotFound' components: schemas: UnixTimestamp: type: integer description: Unix timestamp (seconds) format: Unix timestamp (seconds) example: 1619740800 Webhook: type: object description: This is webhook schema properties: id: type: integer format: int64 example: 1 name: type: string minimum: 1 maximum: 256 public_key: readOnly: true allOf: - $ref: '#/components/schemas/PublicKey' callback_url: allOf: - $ref: '#/components/schemas/URL' email: type: string format: email event_hooks: type: array minItems: 1 uniqueItems: true description: List of events to trigger webhook callbacks for. items: $ref: '#/components/schemas/Event' created_at: readOnly: true description: Object creation time in UTC type: string format: date-time updated_at: readOnly: true description: Object creation time in UTC type: string format: date-time PublicKey: type: string description: >- PEM-encoded RSA public key for authenticating webhook or callback payloads readOnly: true example: |- -----BEGIN PUBLIC KEY----- MIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEA6gLlBKxCB5dxPJbinCzl hOfKSgQtOWQQBxmnWIkEVUbqhpnqr3xNYiAvDyMUxYUwuzN44eHO+mR9MZWcSx3c bXmKa3gsOzR6GdcOxMGaVxvfje+fujCAlCtO1BP+A9/FS3KcPgCYG1wtAPwA5IAf HylL3TsUVIJQFBgiBr6N4Bgapr9eloaFfeYIBRsXmxPKAMJivqxYpLh0V3N4ZFd5 TGqSEAa4b1ULDr6p0sB2L3QikTdsF0zp03zNceKA6fXDOzD0xWtg9buXvyKwePK4 M2kcnWBNfsWghrdg0fG3O9bmkaS1oEXydrmJfuiI8h6a64J/1nzooi2yLC9D6Ta0 S63bbuAHymnQtiNuV7Ixp6IoTGFaS88aTiHaP8rdyWV8JTDFx0qeDzyaGWiYGwEF mj/buHCEcRhoajbGkPhYA4YEdn4jy1wZhEr2OMdBPM7mPPI0Hy3hcNJVMVVlrpHe IltQATpjlNaJMlRPjbcaiW7dsO3BuF9ZOMGksSOnyYm/AgMBAAE= -----END PUBLIC KEY----- URL: type: string format: url example: https://yourwebsite.com/route maxLength: 500 Event: type: string description: >- Available event types and when they are emitted: `bank_account_status`: Emitted when a Company Bank Account status changed. This happens as a result of CHIP processing the company bank account for verification. --- `budget_allocation_status`: Emitted when a Budget Allocation status changed. This happens as a result of approver approve the increment. --- `send_instruction_status`: Emitted when a Company Send Instructions status changed. This happens as a result of CHIP processing the company send instruction with the banks. --- enum: - bank_account_status - budget_allocation_status - send_instruction_status BadRequestResponse: type: object properties: message: type: string example: Bad request code: type: number example: 400 data: type: object example: {} UnauthorizedResponse: type: object properties: message: type: string example: Unauthorized code: type: number example: 401 data: type: object example: {} UnauthorizedActionResponse: type: object properties: message: type: string example: You are not authorized to perform this action code: type: number example: 403 data: type: object example: {} NotFoundResponse: type: object properties: message: type: string example: Record not found code: type: number example: 404 data: type: object example: {} responses: BadRequest: description: Bad request content: application/json: schema: $ref: '#/components/schemas/BadRequestResponse' Unauthorized: description: Unauthorized request content: application/json: schema: $ref: '#/components/schemas/UnauthorizedResponse' UnauthorizedAction: description: Unauthorized action request content: application/json: schema: $ref: '#/components/schemas/UnauthorizedActionResponse' NotFound: description: Record not found content: application/json: schema: $ref: '#/components/schemas/NotFoundResponse' securitySchemes: bearerAuth: type: http scheme: bearer ````