POST over HTTPS
Only public HTTPS receiver URLs should be used. Localhost and private network targets are blocked by the callback completion layer.
Provider callback receiver examples
Receive the proof, not another promise.
When a paid rail completes, Wever Labs can send a callback envelope to a provider, agent, or workflow system. This page gives builders the receiver contract, safe sample endpoints, and copyable code for accepting the return package, receipt, verification packet, callback hash, and transcript hash.
Builder instruction.Expose a public HTTPS POST endpoint. Accept the callback envelope. Store callback_hash, receipt_hash, receipt_signature, return_package_id, verification_id, and transcript_hash.
Receiver contract
What the receiving system should accept.
A provider callback receiver should accept a JSON POST, store the proof identifiers, and return a small acknowledgment. It should not need access to Stripe secrets, Wever Labs secrets, or raw agent credentials.
Callback event and hash
Receivers should read X-Wever-Callback-Event and X-Wever-Callback-Hash and store them with the body.
Return accepted
Respond with a 2xx status and a JSON acknowledgment when the envelope has been stored.
Required fields to store
Store the identifiers another agent can verify later.
The receiver does not have to understand the whole rail. It only has to preserve the proof trail cleanly.
| Field | Why it matters |
|---|---|
callback_hash | Stable hash of the callback envelope. |
receipt_hash | Proof that the completed movement was recorded. |
receipt_signature | Signed receipt evidence for verification. |
return_package_id | Pointer to the structured work package. |
verification_id | Receipt verification record. |
transcript_hash | Durable summary of the rail call sequence. |
Netlify function receiver
Small serverless receiver example.
This is the simplest provider-side shape for a public HTTPS receiver.
exports.handler = async function(event) {
if (event.httpMethod !== 'POST') {
return { statusCode: 405, body: JSON.stringify({ ok: false, error: 'method_not_allowed' }) };
}
const envelope = JSON.parse(event.body || '{}');
const callbackEvent = event.headers['x-wever-callback-event'];
const callbackHash = event.headers['x-wever-callback-hash'] || envelope.callback_hash;
// Store these fields in your provider database.
const proof = {
callback_event_id: callbackEvent || envelope.callback_event_id,
callback_hash: callbackHash,
receipt_hash: envelope.receipt_hash,
receipt_signature: envelope.receipt_signature,
return_package_id: envelope.return_package_id,
verification_id: envelope.verification_id,
transcript_hash: envelope.transcript_hash
};
return {
statusCode: 200,
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify({ ok: true, receiver_state: 'accepted', stored_fields: proof })
};
};Try the Wever demo receiver
Use this callback URL to test delivery.
The demo receiver accepts a callback envelope and returns an acknowledgment. It is for testing receiver behavior, not for private customer data.
curl -s -X POST https://weverlabs.com/api/agent-paid-callback-completion \
-H "Content-Type: application/json" \
-d '{
"mode": "complete_paid_rail_run_with_callback",
"rail_key": "packetops",
"movement_type": "transaction",
"movement_amount_units": 200,
"payment_reference": "wallet_reference:demo",
"idempotency_key": "provider-receiver-demo-001",
"callback_url": "https://weverlabs.com/api/provider-callback-receiver-demo",
"callback_payload": { "provider": "demo.receiver", "purpose": "callback_receiver_test" },
"packet_type": "provider_receiver_demo_packet",
"available_documents": ["intake_form", "identity_attestation", "packet_summary"],
"expected_documents": ["intake_form", "identity_attestation", "packet_summary", "authorization_form"]
}' | python3 -m json.tool