Skip to main content
There are two ways to track a deposit through the processing pipeline:
  • Polling — query the GET /deposits endpoint filtered by transaction hash. Simple and stateless.
  • Webhooks — receive push notifications as deposits move through each stage. Real-time and event-driven.
Use whichever fits your architecture. Many integrations combine both: webhooks for real-time updates, polling as a fallback or for on-demand status checks.

Polling

Query the GET /deposits endpoint with the txHash parameter to look up a deposit by its source transaction hash.

Response

Each item in the deposits array has the following shape:

Polling loop

Poll until the deposit reaches a terminal status (completed, failed, rejected, refunded, or ignored):
A 1-second interval works well for most use cases. Most deposits complete within seconds.

Webhooks

The deposit service sends webhook notifications to your configured endpoint as deposits move through the processing pipeline. All webhooks are POST requests with Content-Type: application/json. Configure your webhook URL and optional secret via the POST /setup endpoint.

Payload envelope

Every webhook request body follows the same envelope structure:

Event types

deposit-received

Sent when an incoming token transfer is detected on a registered account.

deposit-rejected

Sent when a detected deposit will not be bridged because it violates the account’s deposit whitelist — the token isn’t allowed, or the amount is outside the configured minimum/maximum. It always follows a deposit-received event for the same deposit and is terminal: no bridging is attempted and there is no retry. This is a deliberate rejection, not a processing failure — use it to record the outcome on your side. See error codes for the full list. Compare deposit.amount (what was deposited) against limits (the configured bound) to surface the shortfall or overage to your users.

bridge-started

Sent when a bridging intent is created and submitted to the Orchestrator.

bridge-complete

Sent when tokens have arrived on the target chain.

bridge-delayed

Sent when the bridge provider has not filled the intent within the expected window. A refund is expected on the source chain; the subsequent deposit-refunded event confirms the funds returned.

bridge-failed

Sent when a bridging operation fails. See error codes for the full list and retry behavior.

deposit-refunded

Sent when funds from a deposit are returned to a recipient on the source chain. Typically follows a bridge-delayed event.

error

Sent when an unexpected, unhandled error occurs while processing a deposit — the catch-all in the settlement pipeline. It is not part of the normal lifecycle ordering and may arrive at any point. It carries whatever deposit / account / intent context was available at the point of failure; the optional fields are present only when that context was known. Treat error as a signal that a deposit needs manual attention. Correlate on deposit.transactionHash / intentId and reconcile by polling GET /deposits.

Signature verification

If you provided a webhookSecret during setup, every webhook request includes an X-Webhook-Signature header:
The signature is an HMAC-SHA256 hash computed over the raw JSON request body using your secret. To verify:
  1. Read the raw request body as a string (before JSON parsing)
  2. Compute the HMAC-SHA256 of the raw body using your webhook secret
  3. Compare the result with the value in the X-Webhook-Signature header (strip the sha256= prefix)
  4. Use a constant-time comparison to prevent timing attacks
Always verify against the raw request body string, not a re-serialized version of the parsed JSON. Re-serialization may change key order or whitespace, which will produce a different signature.

Delivery behavior

  • Retries — failed deliveries are retried multiple times before the event is marked failed. Events that exhaust their retries can still be replayed on demand via POST /webhooks/events/{id}/resend, which reuses the original eventId.
  • Ordering — events for a single deposit are sent in lifecycle order: deposit-receivedbridge-startedbridge-complete when it proceeds, or deposit-receiveddeposit-rejected when it won’t be bridged. There is no global ordering guarantee across deposits.
  • URL validation — the webhook URL must use HTTPS and must not target internal or private network addresses.
  • Idempotency — use eventId from the envelope as the canonical dedupe key.

Backfilling missed events

If your receiver was offline or rejected events, replay them through the events API. Every dispatched webhook is persisted regardless of delivery outcome. List events delivered (or attempted) to your URL, newest first:
Re-send a stored event to your URL — the original eventId is reused so dedupe still holds:
For more details, see the API reference for GET /webhooks/events and POST /webhooks/events/{id}/resend.

Conventions

  • EVM addresses and token addresses are lowercase. Non-EVM addresses (Solana, Tron) preserve their original case.
  • All amounts are strings (raw token units, not human-readable).
  • Chains use CAIP-2 identifiers (e.g. "eip155:8453" for Base).