> ## Documentation Index
> Fetch the complete documentation index at: https://xaferapi.apacx.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Withdrawal Secondary Confirmation Callback

`NOTIFY_REQUEST_WITHDRAW` (type=2)

When a user initiates a withdrawal request (requiring secondary confirmation), WaaS will request the merchant to perform secondary confirmation through this interface. The merchant needs to return specific withdrawal information in the response, which will determine whether WaaS executes the withdrawal operation.

#### ⚠️ Special Requirements

1. **Independent URL**: Requires separate configuration for this type of callback URL

### Request Parameters

The request sent by WaaS is an **RSA-encrypted Base64 string**. Merchants need to decrypt it using their public key:

<ResponseField name="Withdrawal Secondary Confirmation Request Parameters" type="object">
  <Expandable title="View Full Parameter List">
    <ResponseField name="callBackId" type="String" required="Yes" example="D611657466">
      Merchant must ensure the uniqueness of this callBackId. WaaS will actively callback the merchant carrying this parameter to obtain specific withdrawal order information.
    </ResponseField>
  </Expandable>
</ResponseField>

### Response Parameters

After processing the callback, merchants need to return a JSON-formatted response body. The `data` field must return an **RSA-encrypted Base64 string** (encrypted using the public key provided by WaaS), while other fields are in plain text:

<ResponseField name="Withdrawal Callback Response Parameters" type="object">
  <Expandable title="View Full Parameter List">
    <ResponseField name="apiKey" type="String" required="Yes" example="88c47568-8d24-4983-9b4c-y1ec8b939e9b">
      Merchant API key
    </ResponseField>

    <ResponseField name="data" type="String" required="Yes" example="BDn6Liv5Z4TJ9vjfdRiuq1gaQJuODth3zlC4...">
      Encrypted business data, e.g.: BDn6Liv5Z4TJ9vjfd (refer to example on right)

      Generated by encrypting the following raw business parameters:

      **tenantUserId** (String) : User ID initiating withdrawal (in merchant system, not WaaS system)

      **callBackId** : Merchant must return callBackId to help WaaS with secondary confirmation

      **address** : Withdrawal target address

      **chainName** (String) : Blockchain name

      **symbol** (String) : Token symbol

      **amount** (Integer) : Withdrawal amount

      **type** (String) : Callback type

      **requestUUID** (String) : Unique request identifier, merchant must return the same requestUUID in response to help WaaS confirm
    </ResponseField>

    <ResponseField name="errCode" type="Integer" required="Yes" example="0">
      Global processing status code:
      `0`=Success, non-`0`=Failure
    </ResponseField>

    <ResponseField name="message" type="String" required="Yes" example="">
      Error details (required when failed):

      * Can return empty string when successful
      * Must describe specific error when failed
    </ResponseField>
  </Expandable>
</ResponseField>

***

<RequestExample>
  ```mdx Raw Request Before Encryption
  {
    "business": 0,
    "requestUUID": "f56d2814-7a8f-4dcf-9008-990c1be6e13e",
    "tenantUserId": "bbxuzbc",
    "callBackId": "D611657466",
    "type": 2,
    "trackingId": "102004"
  }
  ```
</RequestExample>

<ResponseExample>
  ```mdx Response Parameter Structure After Decryption
  {
    "apiKey": "88c47568-8d24-4983-9b4c-y1ec8b939e9b",
    "data": "{\"tenantUserId\":\"ryan_test_2\",\"callBackId\":\"D682988196\",\"address\":\"TGDHyoMpgDQj4DmoZdwJP2FSkSG4DEchnK\",\"chainName\":\"TRON\",\"symbol\":\"USDT\",\"amount\":\"3.3\",\"type\":2}"
    "errCode": 0,
    "message": ""
  }
  ```
</ResponseExample>
