# Incoming Payment Monitor

> Notify when an address receives a payment, and act on it.

- canonical: <https://ai.tatum.io/workflows/incoming-payment-monitor>

## MCP tools

- `get_transaction_history`

## API endpoints

- `POST /v4/subscription`
- `GET /v4/subscription`
- `DELETE /v4/subscription/{id}`

## Steps

1. Subscribe to incoming transactions for the target address via the Notifications API.
2. Configure the public webhook URL and signing secret.
3. On delivery, verify the HMAC signature, dedupe, and process.
4. Maintain subscription lifecycle (rotate secrets, delete on user opt-out).

## Possible failures

- Webhook endpoint unreachable
- HMAC signature mismatch
- Duplicate webhook delivery

## Recovery guidance

- Tatum retries failed deliveries; ensure 2xx within the retry budget
- Reject unsigned/wrong-signature payloads and alert
- Deduplicate by event id; treat handlers as idempotent