x-signature header on every incoming webhook request. Use the Nomad Pay Public Key provided in your dashboard to ensure the request is from Nomad Pay.
Q: What is the expiration time for a payment link? A: By default, payment links generated via the
POST /v1/payments API are valid for 1 hour. If the payment is not completed within this time, the link will expire, and you must create a new payment request.
Q: What should I do if a callback fails? A: If your endpoint responds with anything other than an
HTTP 200 status, we will automatically retry sending the webhook multiple times over 24 hours. Please ensure your endpoint is idempotent (can handle duplicate events) and check the “Webhook Deliveries” log in your dashboard for failure reasons.
Q: Why is my API request failing? A: Please check the following:
- HTTPS: All requests must use
HTTPS. - Anti-Replay: The
noncevalue must be a Unix timestamp in milliseconds and must be greater than your last request. - Signature: Ensure your JSON body is serialized correctly (alphabetical key order, no spaces) before signing with your Ed25519 private key.
Q: What are the recommended timeouts? A: We recommend a
10-second timeout for API requests you send to us, and a 5-second timeout for processing webhooks we send to you.