For security reasons, we highly recommend that you complete the signature verification and IP whitelisting when receiving Cobo’s callback messages. You can obtain Cobo’s pubkey by heading to Cobo Custody Web-Wallet-API Callback. For more information on signature verification, refer to /api-references/development/callback-signature.
How many times can an API callback notification be pushed?
Each API callback can be pushed for a maximum of 14 times. The time intervals between each push are incremental, starting at 10-minute intervals and progressively extending to hourly, bi-hourly, and so forth.
Why do I need to configure API callback confirmation?
Given the potential single-point failure risks associated with API servers, we strongly recommend that you maintain a dedicated callback server for configuring API callback confirmation. This not only enhances risk isolation but also facilitates effective internal security control. In the event of an exception during API callback confirmation, Cobo’s 24/7 customer support will provide you with real-time alerts, enabling immediate internal inspection to address any potential security vulnerabilities.