Skip to main content

Notify Order Completion

WeTix sends an HTTP POST request to your registered Notify URL under create movie order request after an order has been successfully completed. This allows your system to react to order events in real time without polling the API.

Request

PropertyValue
MethodPOST
Content-Typeapplication/json
Timeout30 seconds

Headers

HeaderDescription
Content-Typeapplication/json
X-TimestampUnix timestamp (seconds, UTC) when the request was signed.
X-Nonce-StrRandom 32-character alphanumeric string to prevent replay attacks.
X-SignatureHex-encoded HMAC-SHA256 signature. See Webhook Signature Verification.

Payload

{
"eventType": "NOTIFY_ORDER_COMPLETION",
"data": {
"key": "EgpNb3ZpZU9yZGVy...",
"bookingId": "23726052030123",
"transactionId": "1010260520082485598938",
"currencyCode": "MYR",
"totalAmount": 2050,
"bookingAmount": 50,
"payableAmount": 2050,
"status": "COMPLETED",
"qrCode": "1001100111101001101010100101010010011010001110",
"createdAt": "2026-05-20T08:24:35.31643Z",
"lastUpdatedAt": "2026-05-20T08:24:50.883153Z"
}
}

Top-level Fields

FieldTypeDescription
eventTypeStringEvent that triggered this webhook. Always NOTIFY_ORDER_COMPLETION.
dataObjectOrder payload. See Data Fields below.

Data Fields

FieldTypeDescription
keyStringBase64-encoded unique identifier for the order.
bookingIdStringBooking reference ID from the cinema operator.
transactionIdStringWeTix internal payment transaction ID.
currencyCodeStringISO 4217 currency code (e.g. MYR).
totalAmountIntegerTotal order amount in cents.
bookingAmountIntegerBooking fee in cents.
payableAmountIntegerFinal payable amount in cents (including any extra charges).
statusStringOrder status. COMPLETED when successfully confirmed with the operator.
qrCodeStringQR code string for cinema entry, if issued by the operator.
createdAtStringRFC3339 UTC timestamp when the order was created.
lastUpdatedAtStringRFC3339 UTC timestamp of the last order update.

Signature Verification

The X-Signature header is computed as:

signature = HMAC-SHA256(clientSecret, timestamp + nonceStr + base64(body))

Where:

  • clientSecret is your OAuth client secret
  • timestamp is the value of the X-Timestamp header
  • nonceStr is the value of the X-Nonce-Str header
  • base64(body) is the Base64-encoded raw request body (standard encoding)

The resulting bytes are hex-encoded to produce the final X-Signature value.

See Webhook Signature Verification for the full verification guide and code examples.

Retry Behaviour

WeTix retries failed deliveries automatically via a background job that runs every 2 minutes:

PropertyValue
Max attempts5
Min retry interval30 seconds between attempts
Failure conditionNon-2xx response or timeout
Terminal stateMarked FAILED after 5 failed attempts
tip

Return 200 OK immediately and process the payload asynchronously to avoid timeouts and unnecessary retries.

Deduplication

Before delivering a webhook, WeTix checks whether a webhook with the same referenceId and eventType has already been successfully delivered. If one exists with a SUCCESS status, the webhook will not be sent again.

Your endpoint should still be idempotent — processing the same event more than once should produce the same result.

Example Request

POST /your-webhook-endpoint HTTP/1.1
Host: your-domain.com
Content-Type: application/json
X-Timestamp: 1747729475
X-Nonce-Str: aB3dEfGhIjKlMnOpQrStUvWxYz123456
X-Signature: 4e3a1c2b...

{"eventType":"NOTIFY_ORDER_COMPLETION","data":{"key":"EgpNb3ZpZU9yZGVy...","bookingId":"23726052030123","transactionId":"1010260520082485598938","currencyCode":"MYR","totalAmount":2050,"bookingAmount":50,"payableAmount":2050,"status":"COMPLETED","qrCode":"1001100111101001101010100101010010011010001110","createdAt":"2026-05-20T08:24:35.31643Z","lastUpdatedAt":"2026-05-20T08:24:50.883153Z"}}