# bKash Webhook API documentation ## Transcantion check API #### URL > POST {{host}}/api/external/v1/bkash/transactions/check #### Headers > Content-Type : application/json > API-Key : provided-api-key > X-Signature : HMAC-SHA256 signature of the canonicalized JSON payload using JSON Canonicalization Scheme (JCS) as defined by RFC 8785 #### Request payloads > acc_no [string, `required`, `unique`, `max len: 11 characters`] ##### Sample Request & Response : > Request Payload ```json= { "acc_no": "01710000000" } ``` > Success Response with status code `202` ```json= { "code": 200, "message": "transaction allowed", "type": "success" } ``` > Unauthorized error with status code `401`, you will get this error if API-Key mismatched or X-Signature mismatched ```json= { "message": "access denied", "type": "error", "code": 401, "errors": "access denied" } ``` > Internal Server Error ```json= { "code": 500, "message": "Internal Server Error", "type": "error" } ``` ## Transcantion complete Acknowledgement API #### URL > POST {{host}}/api/external/v1/bkash/transactions/complete #### Headers > Content-Type : application/json > API-Key : provided-api-key > X-Signature : HMAC-SHA256 signature of the canonicalized JSON payload using JSON Canonicalization Scheme (JCS) as defined by RFC 8785 #### Request payloads > transaction_id [string, `required`, `unique`, `max len: 32 characters`] > from_account [string, `required`, `max len: 32 characters`] > to_account [string, `required`, `max len: 32 characters`] > amount [integer] > transaction_datetime [integer, `unix time`] > reference [string, `optional`, `max len: 255 characters`] ##### Sample Request & Response : > Request Payload ```json= { "transaction_id": "txn10001011011", "amount": 100, "from_account": "from_acount_number", "to_account": "to_acount_number", "reference": "reference", "transaction_datetime": 1764052011 } ``` > Success Response with status code `202` ```json= { "code": 202, "message": "transaction accepted", "type": "success" } ``` > Validation error response with status code `422` ```json= { "code": 422, "message": "please fix the given errors", "type": "error", "errors": { "amount": [ "amount is invalid" ], "transaction_id": [ "transaction_id is required" ] } } ``` > Unauthorized error with status code `401`, you will get this error if API-Key mismatched or X-Signature mismatched ```json= { "message": "access denied", "type": "error", "code": 401, "errors": "access denied" } ``` > bad request error with status code `400` ```json= { "code": 400, "message": "duplicate transaction id", "type": "error" } ``` > Internal Server Error ```json= { "code": 500, "message": "Internal Server Error", "type": "error" } ```