Alert webhooks can send you realtime wallet notifications for your clients. For example, they can be useful for receiving notifications when your clients receive or send EVM transactions. Alert webhooks are easily configured in the Portal Admin Dashboard. If you don't see "Alert Webhooks" in the Portal Admin Dashboard, reach out to our team and we can enable the feature for you.
Configuring alert webhooks
Reach out to our support team and we can enable alert webhooks for your organization.
Navigate to "Settings" > "Alert Webhooks" in the Portal Admin Dashboard and click "New +".
Enter your alert webhook URL:
Select the events you want to receive (e.g. EIP-155 Inbound/Outbound Transactions).
Save your configuration.
Take note of the IP addresses listed on this modal. You can add them to your allowlist to ensure you're only accepting requests from Portal.
Types of alerts
EVM Wallet Transactions
Immediately after configuring the alert webhook with EVM Wallet Transactions selected as an event, Portal starts to listen for any inbound/outbound EIP-155 transactions for your clients that have an EIP-155 address. From then on when you create a new client with an EIP-155 address, Portal will notify you of their on-chain transactions.
When an EVM transaction occurs, Portal makes a POST request to your configured alert webhook URL with a request body that contains the alert webhook event's details. You will receive 2 alerts per transaction — The first alert is unconfirmed and, once the transaction receives sufficient confirmations, the second alert is confirmed.
EVM Wallet Transactions currently sends alerts with the following use cases:
Receive native tokens (ie. ETH) from another address
Send native tokens (ie. ETH) to another address
Receive non-native tokens (ie. USDC) from another address
Send non-native tokens (ie. USDC) to another address
When a block is unconfirmed, chain reorganizations may occur. If a reorganization happens, the original block's data is replaced with the updated block. This means you might receive an unconfirmed alert without a subsequent confirmed alert for the same transaction if this happens.
See the table below for all EVM chains we support for EVM Wallet Transactions alerts.
Name
Chain ID
Blocks until confirmed
Ethereum
eip155:1
12
Ethereum Sepolia
eip155:11155111
18
Polygon
eip155:137
100
Polygon Amoy
eip155:80002
100
Arbitrum
eip155:42161
18
Arbitrum Sepolia
eip155:421614
600
Optimism
eip155:10
500
Optimism Sepolia
eip155:11155420
600
Base
eip155:8453
100
Base Sepolia
eip155:84532
100
Headers:
Name
Type
Description
Content-Type*
String
application/json
X-WEBHOOK-SECRET*
String
You can find the alert webhook secret in the Portal Admin Dashboard on the "Settings" page under the "Alert Webhooks" section.
After enabling Pre-Signatures, Portal will make a request to your configured alert webhook URL any time that one of your Portal wallets attempt to sign. This request will contain the chainId, clientId, and signingRequest, which you can use to derive if the signing request should be allowed to continue.
You must respond with a status code of 200-299 for the signing request to continue. To deny the request, you must respond with a 400 status code. If any other status code is received, or if 30 seconds passes with no response from your API, we will deny the signing request.
If your API does not respond to Pre-Signature alerts, your Portal clients' signing requests will be denied to ensure Portal only continues processing the signing request when your API gives explicit permission to do so.
Headers:
Name
Type
Description
Content-Type*
String
application/json
X-WEBHOOK-SECRET*
String
You can find the alert webhook secret in the Portal Admin Dashboard on the "Settings" page under the "Alert Webhooks" section.
Here are a few considerations to ensure your alert webhooks are implemented securely:
Alert webhook URLs must use HTTPS.
Verify that each alert webhook request has the expected X-WEBHOOK-SECRET header value. You can find the secret for your alert webhook in the Portal Admin Dashboard.
Restricting requests on your alert webhook server to only those from Portal's IP addresses protects against requests from other parties. Configure your alert webhook server to only accept inbound connections from our IP addresses. Portal always makes requests from the IP addresses 35.203.150.117, 104.155.171.139 or 35.185.20.23.
Example Implementation
We provide a reference implementation of alert webhooks using TypeScript and Express. This example demonstrates best practices for handling alert webhook events, including:
🔒 IP address verification
🔑 Webhook secret validation
⚡ Async event processing
You can use this as a starting point for your own implementation:
git clone https://github.com/portal-hq/portal-alert-webhooks-example
cd portal-alert-webhooks-example
npm install
FAQ
What if I miss an alert webhook event?
If your alert webhook is down or is not responding with 2xx status codes, Portal will retry sending the alert webhook event in intervals.
If your alert webhook fails to receive the event:
You can find all of your alert webhooks using this endpoint.
You can then find an alert webhook's associated events using this endpoint.
You can replay the exact alert webhook event that failed to be delivered using this endpoint.
Should I process webhook events before responding?
No. Please acknowledge webhooks as quickly as possible. If you need to process the alert webhook event you receive, process it after responding to Portal with a 2xx status code. (We only wait up to 10 seconds to receive a response before considering the alert webhook event's delivery as failed.)
Support
And that's it! 🎉 You've now implemented alert webhooks and are receiving realtime wallet notifications for your Portal clients! As always, please reach out to our team if you have any questions.
Click "New +" in the "Alert Webhooks" section.
Enter your webhook URL, select the events, and click "Create".
