***
title: How to Decrypt the Webhook Payload
slug: guides/how-to-decrypt-webhook-payload
subtitle: Verify and decode the encrypted `data` field returned in Transak webhook events
---------------------
For a complete page index, fetch https://docs.transak.com/llms.txt
Transak sends the webhook payload in the `data` field as a signed JWT. To read the actual order or KYC payload, verify the JWT using your **Partner Access Token** and then decode its claims on your backend.
## Before You Start
* Your webhook endpoint must already be configured with Transak.
* You need a valid **Partner Access Token**. Follow [How to Create a Partner Access Token](/guides/how-to-create-partner-access-token).
* Perform verification and decoding only on your **server**. Do not expose the access token in frontend code.
Always verify the JWT signature before trusting any webhook data. Do not decode the payload without verification.
## How It Works
When Transak sends a webhook, the payload includes an encrypted `data` field. Your backend should:
Store the raw `data` field exactly as received from the webhook body.
Use the Partner Access Token as the JWT signing secret.
Verify the webhook `data` field before processing it. Reject the request if signature validation fails.
Once verified, parse the claims to access the original `webhookData` object and event details.
## Code Samples
**NPM Package:** [`jsonwebtoken`](https://www.npmjs.com/package/jsonwebtoken)
```bash
npm install jsonwebtoken
```
```javascript
import jwt from "jsonwebtoken";
// JWT token received from the webhook response's data field
const webhookData = "eyJhbGciOiJIU.eyJ3ZWJob29-rRGF0.W07q-JG6jlyzid4";
// Your Access Token — used as the signing secret
const accessToken = "ACCESS_TOKEN";
// Verify and decode the JWT token
const decodedData = jwt.verify(webhookData, accessToken);
console.log(decodedData);
```
```groovy
dependencies {
implementation 'io.jsonwebtoken:jjwt-api:0.11.5'
implementation 'io.jsonwebtoken:jjwt-impl:0.11.5'
implementation 'io.jsonwebtoken:jjwt-jackson:0.11.5'
}
```
```java
package com.transak.webhookjavamaven;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.security.Keys;
import javax.crypto.SecretKey;
public class WebhookJavaMavenApplication {
public static void main(String[] args) {
// JWT token received from the webhook response's data field
String webhookData = "eyJhbGciOiJIU.eyJ3ZWJob29-rRGF0.W07q-JG6jlyzid4";
// Your Access Token — used as the signing secret
String accessToken = "ACCESS_TOKEN";
SecretKey key = Keys.hmacShaKeyFor(accessToken.getBytes());
Claims claims = Jwts.parserBuilder()
.setSigningKey(key)
.build()
.parseClaimsJws(webhookData)
.getBody();
System.out.println("Claims: " + claims);
}
}
```
```xml
io.jsonwebtoken
jjwt-api
0.11.5
io.jsonwebtoken
jjwt-impl
0.11.5
io.jsonwebtoken
jjwt-jackson
0.11.5
```
```java
package com.transak.webhookjavamaven;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.security.Keys;
import javax.crypto.SecretKey;
public class WebhookJavaMavenApplication {
public static void main(String[] args) {
// JWT token received from the webhook response's data field
String webhookData = "eyJhbGciOiJIU.eyJ3ZWJob29-rRGF0.W07q-JG6jlyzid4";
// Your Access Token — used as the signing secret
String accessToken = "ACCESS_TOKEN";
SecretKey key = Keys.hmacShaKeyFor(accessToken.getBytes());
Claims claims = Jwts.parserBuilder()
.setSigningKey(key)
.build()
.parseClaimsJws(webhookData)
.getBody();
System.out.println("Claims: " + claims);
}
}
```
**Package:** [`github.com/golang-jwt/jwt/v5`](https://pkg.go.dev/github.com/golang-jwt/jwt/v5)
```bash
go get github.com/golang-jwt/jwt/v5
```
```go
package main
import (
"encoding/json"
"fmt"
"log"
"github.com/golang-jwt/jwt/v5"
)
func main() {
// JWT token received from the webhook response's data field
webhookData := "eyJhbGciOiJIU.eyJ3ZWJob29-rRGF0.W07q-JG6jlyzid4"
// Your Access Token — used as the signing secret
secretKey := "ACCESS_TOKEN"
token, _ := jwt.Parse(webhookData, func(token *jwt.Token) (interface{}, error) {
return []byte(secretKey), nil
})
if claims, ok := token.Claims.(jwt.MapClaims); ok && token.Valid {
jsonData, _ := json.MarshalIndent(claims, "", " ")
fmt.Println("Decoded JWT Claims:\n", string(jsonData))
} else {
log.Println("Invalid JWT or claims")
}
}
```
## Sample Decrypted Payload
```json
{
"webhookData": {
"id": "181b6159-2192-4f68-8647-f48e6e8f58c7",
"walletAddress": "0xD902d7eBF7bcE",
"createdAt": "2024-08-23T10:33:09.426Z",
"status": "COMPLETED",
"fiatCurrency": "EUR",
"userId": "243a8ce2-9cc6-41a9-aaeb-b0deeb09a3",
"cryptoCurrency": "ETH",
"isBuyOrSell": "BUY",
"fiatAmount": 32,
"ipAddress": "35.177.158.9",
"amountPaid": 32,
"paymentOptionId": "sepa_bank_transfer",
"walletLink": "https://sepolia.etherscan.io/address/0xD902d7eBF7bcE",
"quoteId": "0b9edf4d-2de1-4f2e-bdb6-07bc61c380f5",
"orderProcessingType": "NORMAL",
"addressAdditionalData": false,
"network": "ethereum",
"conversionPrice": 0.00041416655266757863,
"cryptoAmount": 0.01211023,
"totalFeeInFiat": 2.76,
"fiatAmountInUsd": 35.57,
"countryCode": "IN",
"stateCode": "Karnataka",
"orderChannelType": "WIDGET",
"userKycType": "STANDARD",
"cardPaymentData": {
"orderId": "181b6159-2192-4f68-8647-f48e6e8f58c7",
"paymentId": "66c8656bb38a7908fadc77db",
"pgData": {
"paymentOptions": [
{
"currency": "EUR",
"id": "sepa_bank_transfer",
"name": "Bank Transfer Details",
"fields": [
{ "name": "Bank Name", "value": "Transak Limited" },
{ "name": "IBAN", "value": "GB69MOCK00000003743944" },
{ "name": "Bank Name", "value": "Modulr" },
{ "name": "Bank Address", "value": "Scale Space, 58 Wood Lane, London, W12 7RZ" }
]
}
],
"liquidityProvider": "MODULR",
"status": "CREATED"
},
"liquidityProvider": "MODULR",
"updatedAt": "2024-08-23T10:33:58.753Z",
"status": "CAPTURED",
"processedOn": "2024-08-23T10:33:57.000Z"
},
"statusHistories": [
{
"status": "PENDING_DELIVERY_FROM_TRANSAK",
"createdAt": "2024-08-23T10:33:59.408Z",
"message": "💸 Payment reconciled successfully. Received 32 EUR",
"isEmailSentToUser": false,
"partnerEventId": "ORDER_PROCESSING"
}
],
"isFirstOrder": false,
"updatedAt": "2024-08-23T10:34:06.371Z",
"completedAt": "2024-08-23T10:34:39.412Z",
"transactionHash": "DUMMY_TX_ID",
"transactionLink": "https://sepolia.etherscan.io/tx/DUMMY_TX_ID",
"conversionPriceData": {
"id": "139474c7-99c5-4232-9a05-c6ccd6a973ed",
"createdAt": "2024-08-23T10:34:06.352Z",
"fiatCurrency": "EUR",
"cryptoCurrency": "ETH",
"paymentMethod": "sepa_bank_transfer",
"fiatAmount": 32,
"network": "ethereum",
"cryptoAmount": 0.01211023,
"isBuyOrSell": "BUY",
"conversionPrice": 0.00041416641727771563,
"marketConversionPrice": 0.00041628949369556297,
"slippage": 0.51,
"cryptoLiquidityProvider": "transak",
"fiatLiquidityProvider": "coinbase",
"partnerApiKey": "d79671a4-b021-4a4f-a444-6862a680a94b",
"sourceTokenAmount": 0.012110226041200406,
"sourceToken": "ETH",
"notes": [],
"fiatFeeAmount": 2.76,
"feeDecimal": 0.08625,
"swaps": [
{
"sourceCurrency": "EUR",
"destinationCurrency": "USDT",
"sourceAmount": 32,
"destinationAmount": 35.57563545494966,
"paymentMethod": "sepa_bank_transfer",
"liquidityProvider": "coinbase",
"conversionPrice": 1.111738607967177,
"feeInSourceAmount": 0,
"networkFeeInSourceAmount": 0,
"marketConversionPrice": 1.111738607967177,
"isNonCustodial": false,
"isFiatliquidityProvider": true,
"isFiatPartnerDirectCryptoDeposit": false,
"isFiatPartnerAccountWalletDeposit": false,
"liquidityProviderData": false,
"originalDestinationAmount": 35.57563545494966
},
{
"sourceCurrency": "USDT",
"destinationCurrency": "ETH",
"sourceAmount": 35.57563545494966,
"destinationAmount": 0.0132533253528869,
"liquidityProvider": "transak",
"conversionPrice": 0.0003725393849863884,
"networkFeeInSourceAmount": 0,
"networkFeeInDestinationAmount": 0,
"marketConversionPrice": 0.0003725393849863884,
"liquidityProviderData": false,
"isNonCustodial": false
},
{
"sourceCurrency": "ETH",
"destinationCurrency": "ETH",
"sourceAmount": 0.0132533253528869,
"destinationAmount": 0.0132533253528869,
"liquidityProvider": "transak",
"conversionPrice": 1,
"isCryptoliquidityProvider": true,
"networkFeeInSourceAmount": 0.000067651170404,
"networkFeeInDestinationAmount": 0.000067651170404,
"marketConversionPrice": 1,
"liquidityProviderData": false,
"isFiatPartnerAccountWalletDeposit": false
}
],
"fees": [
{
"name": "Transak fee",
"value": 2.6,
"id": "transak_fee",
"ids": ["transak_fee", "partner_fee"]
},
{
"name": "Network/Exchange fee",
"value": 0.16,
"id": "network_fee",
"ids": ["network_fee"]
}
],
"fiatAmountInUsd": 35.57,
"internalFees": [
{ "name": "Network/Exchange fee", "id": "network_fee", "value": 0.16 },
{ "name": "Transak fee", "id": "transak_fee", "value": 1 },
{ "name": "Transak fee", "id": "partner_fee", "value": 1.6 }
],
"cost": {
"ethPriceInLocalCurrency": 2402.17448469,
"gasCostinLocalCurrency": 0.16334786495892,
"transakMinimumFee": 1,
"transakFeeAmount": 1,
"fiatLiquidityProviderFee": 0,
"gasCostinLocalCurrencyByFiatPartner": 0,
"gasCostinLocalCurrencyByCryptoPartner": 0,
"partnerFeeDecimal": 0.05,
"partnerFeeInLocalCurrency": 1.6,
"totalFeeDecimal": 0.08625,
"totalFeeAmount": 2.76,
"gasCurrency": "ETH",
"gasInNativeToken": 0.000068,
"gasCurrencyRateInUsd": 0.0003744603090795391,
"totalAmountChargedByTransak": 2.76334786495892
}
},
"partnerFeeInLocalCurrency": 1.6
},
"eventID": "ORDER_COMPLETED",
"createdAt": "2024-08-23T10:34:40.070Z"
}
```