Credit notification (e-Collect)
An e-Collect virtual account is a real bank account number that Omniware allocates to you, into which customers (or your own team) can deposit money via UPI / IMPS / NEFT / RTGS. Each inbound credit fires this webhook.
The credit is reflected in your disbursement balance automatically.
Sample payload
{
"notify": {
"status": "CREDITED",
"ecollect_accout_no": "333112261000",
"bank_reference_number": "205644248481",
"transfer_type": "UPI",
"transaction_date": "2022-02-25 18:13:19",
"transaction_amount": 1,
"remitter_name": "AKSHAY KUMAR",
"remitter_account_number": "00001220345016666",
"remitter_ifsc_code": "SBIN0014000",
"remitter_note": "NA",
"api_key": "YOUR_API_KEY",
"hash": "9B28C03820ED2AB17990AE64ADD4080A66DEAFB80ED1AC097538D1C29096F1696B9A07662259D2F60DACDEDB1FF7EEF4DB8E5388806883F662DA8AE7533CF18D"
}
}
The Fund Transfer source guide prose calls the allocated virtual account ecollect_account_number, but the sample webhook payload uses the misspelled key ecollect_accout_no. This page keeps the sample wire key verbatim; confirm your live callback shape before parsing only one spelling.
Verifying the hash
The hash is computed over the inner notify object (everything except the hash field) with the standard SHA512(salt + json_of_body) convention.
import crypto from "node:crypto";
app.post("/webhooks/omniware/credit", express.json(), (req, res) => {
const { notify } = req.body;
const sent = notify.hash;
const { hash, ...rest } = notify;
const computed = crypto
.createHash("sha512")
.update(process.env.OMNIWARE_SALT + JSON.stringify(rest))
.digest("hex")
.toUpperCase();
if (sent !== computed) return res.status(400).end();
// idempotent processing keyed on bank_reference_number
res.sendStatus(200);
});
Using the deposit
Use the remitter_account_number + transaction_amount to match the credit against an invoice or wallet top-up on your side. The balance is automatically available for Fund Transfer calls.
Make sure the source bank account is whitelisted (see Whitelist source account). Inbound credits from non-whitelisted accounts are bounced.