Credit notification (e-Collect)

An e-Collect virtual account is a real bank account number that Omniware allocates to you, into which customers (or your own team) can deposit money via UPI / IMPS / NEFT / RTGS. Each inbound credit fires this webhook.

The credit is reflected in your disbursement balance automatically.

Sample payload

{
  "notify": {
    "status": "CREDITED",
    "ecollect_accout_no": "333112261000",
    "bank_reference_number": "205644248481",
    "transfer_type": "UPI",
    "transaction_date": "2022-02-25 18:13:19",
    "transaction_amount": 1,
    "remitter_name": "AKSHAY KUMAR",
    "remitter_account_number": "00001220345016666",
    "remitter_ifsc_code": "SBIN0014000",
    "remitter_note": "NA",
    "api_key": "YOUR_API_KEY",
    "hash": "9B28C03820ED2AB17990AE64ADD4080A66DEAFB80ED1AC097538D1C29096F1696B9A07662259D2F60DACDEDB1FF7EEF4DB8E5388806883F662DA8AE7533CF18D"
  }
}

Verifying the hash

The hash is computed over the inner notify object (everything except the hash field) with the standard SHA512(salt + json_of_body) convention.

import crypto from "node:crypto";

app.post("/webhooks/omniware/credit", express.json(), (req, res) => {
  const { notify } = req.body;
  const sent = notify.hash;
  const { hash, ...rest } = notify;
  const computed = crypto
    .createHash("sha512")
    .update(process.env.OMNIWARE_SALT + JSON.stringify(rest))
    .digest("hex")
    .toUpperCase();

  if (sent !== computed) return res.status(400).end();

  // idempotent processing keyed on bank_reference_number
  res.sendStatus(200);
});

Using the deposit

Use the remitter_account_number + transaction_amount to match the credit against an invoice or wallet top-up on your side. The balance is automatically available for Fund Transfer calls.

note

Make sure the source bank account is whitelisted (see Whitelist source account). Inbound credits from non-whitelisted accounts are bounced.