Skip to main content
POST
/
webhooks
/
test
Test Webhook
curl --request POST \
  --url https://api.fyatu.com/api/v3/webhooks/test \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "event": "card.created"
}
'
{
  "success": true,
  "status": 200,
  "message": "Test webhook delivered successfully",
  "data": {
    "event": "card.created",
    "webhookUrl": "https://example.com/webhooks/fyatu",
    "delivered": true,
    "testData": {
      "appId": "D0H6R7Z6R1C2N5O5",
      "timestamp": "2026-01-15T10:30:00+00:00",
      "_test": true,
      "_note": "This is simulated test data for development purposes only.",
      "cardId": "TEST_CRD8A7B6C5D4E3F2",
      "cardholderId": "TEST_ch_abc123def456",
      "type": "VIRTUAL",
      "brand": "MASTERCARD",
      "currency": "USD",
      "last4": "4532",
      "status": "ACTIVE"
    },
    "note": "This is TEST DATA for development purposes only. All IDs and values are simulated and do not represent real transactions.",
    "signature": {
      "algorithm": "HMAC-SHA256",
      "signedWith": "Your webhook secret",
      "verifyUsing": "hash_hmac(\"sha256\", json_encode($data), $webhookSecret)"
    }
  },
  "meta": {
    "requestId": "req_abc123xyz789",
    "timestamp": "2026-01-15T10:30:00+00:00"
  }
}

Test Webhook

Send a test webhook event to your configured endpoint. This is useful for:
  • Verifying your webhook handler is working correctly
  • Testing signature verification
  • Developing and debugging your integration
All test data is simulated and clearly marked with TEST_ prefixes. These are not real transactions, cards, or cardholders. The only real values are:
  • Your appId
  • The webhook signature (signed with your real webhook secret)

Request

event
string
required
The event type to simulate. Use List Events to see available events for your app type.
curl -X POST https://api.fyatu.com/api/v3/webhooks/test \
  -H "Authorization: Bearer YOUR_ACCESS_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "event": "card.created"
  }'

Response

success
boolean
Whether the request was successful
data
object
{
  "success": true,
  "status": 200,
  "message": "Test webhook delivered successfully",
  "data": {
    "event": "card.created",
    "webhookUrl": "https://example.com/webhooks/fyatu",
    "delivered": true,
    "testData": {
      "appId": "D0H6R7Z6R1C2N5O5",
      "timestamp": "2026-01-15T10:30:00+00:00",
      "_test": true,
      "_note": "This is simulated test data for development purposes only.",
      "cardId": "TEST_CRD8A7B6C5D4E3F2",
      "cardholderId": "TEST_ch_abc123def456",
      "type": "VIRTUAL",
      "brand": "MASTERCARD",
      "currency": "USD",
      "last4": "4532",
      "status": "ACTIVE"
    },
    "note": "This is TEST DATA for development purposes only. All IDs and values are simulated and do not represent real transactions.",
    "signature": {
      "algorithm": "HMAC-SHA256",
      "signedWith": "Your webhook secret",
      "verifyUsing": "hash_hmac(\"sha256\", json_encode($data), $webhookSecret)"
    }
  },
  "meta": {
    "requestId": "req_abc123xyz789",
    "timestamp": "2026-01-15T10:30:00+00:00"
  }
}

Test Payload Structure

All test webhooks follow the standard webhook format: 
{
  "event": "card.created",
  "version": "2.0",
  "sign": "hmac_sha256_signature_here",
  "data": {
    "appId": "YOUR_REAL_APP_ID",
    "timestamp": "2026-01-15T10:30:00+00:00",
    "_test": true,
    "_note": "This is simulated test data for development purposes only.",
    // ... event-specific test data with TEST_ prefixes
  }
}

Identifying Test Webhooks

Test webhooks can be identified by:
  1. The _test: true field in the data payload
  2. The _note field explaining it’s test data
  3. All IDs prefixed with TEST_
Your webhook handler should check for _test: true if you want to handle test webhooks differently in production.

Available Test Events

Issuing App Events

# Card events
card.created
card.funded
card.unloaded
card.frozen
card.unfrozen
card.terminated
card.replaced
card.transaction.approved
card.transaction.declined
card.transaction.reversed
card.maintenance_fee_paid

# Cardholder events
cardholder.created
cardholder.updated
cardholder.kyc_submitted
cardholder.kyc_approved
cardholder.kyc_rejected
cardholder.suspended
cardholder.activated

# eSIM events
esim.purchased
esim.activated
esim.topped_up
esim.expired
esim.data_exhausted
esim.data_warning

Collection App Events

# Collection events
collection.initiated
collection.received
collection.failed
collection.expired

# Payout events
payout.initiated
payout.completed
payout.failed

# Refund events
refund.initiated
refund.completed
refund.failed

Verifying the Signature

Even test webhooks are signed with your real webhook secret. Use this to verify your signature verification code: 
const crypto = require('crypto');

function verifyWebhook(payload, signature, secret) {
  const expectedSignature = crypto
    .createHmac('sha256', secret)
    .update(JSON.stringify(payload.data))
    .digest('hex');

  return signature === expectedSignature;
}

// In your webhook handler
app.post('/webhooks/fyatu', (req, res) => {
  const { event, sign, data } = req.body;

  if (!verifyWebhook(req.body, sign, process.env.WEBHOOK_SECRET)) {
    return res.status(401).send('Invalid signature');
  }

  // Check if it's a test webhook
  if (data._test) {
    console.log('Received test webhook:', event);
    return res.status(200).send('Test webhook received');
  }

  // Process real webhook...
  res.status(200).send('OK');
});
Your webhook endpoint must return HTTP 200 within 10 seconds for the delivery to be considered successful.

Authorizations

Authorization
string
header
required

JWT access token obtained from /auth/token

Body

application/json
event
string
required

The event type to simulate. Use List Events endpoint to see available events.

Example:

"card.created"

Response

Test webhook sent

success
boolean
Example:

true

status
integer
Example:

200

message
string
data
object
meta
object