Webhooks
briefly
In a nutshell Webhooks allow you to set up a notification system that can be used to receive updates on requests made to the Bank3D API.
Introduction
Webhooks are an important part of your payment integration. They allow Bank3D to notify you about events that happen on your account, such as a successful payment or a failed transaction.
Generally, when you make a request to an API endpoint, you expect to get a near-immediate response. However, some requests may take a long time to process, which can lead to timeout errors. Since your records need to be updated with the final state of the request, you need to either: Make a request for an update by calling our verification endpoint or listen to events by using a webhook URL.
So a webhook URL is an endpoint on your server where you can receive notifications about such events. When an event occurs, we'll make a POST request to that endpoint, with a JSON body containing the details about the event, including the type of event and the data associated with it.
Verify event Origin
Since your webhook URL is publicly available, you need to verify that events originate from Bank3D and not a malicious actor. To ensure events to your webhook URL are from Bank3D we use a Signature validation.
Note : The Payload sent by Bank3D to the webhook URL provided is similar to the verify payments sample response.
Signature validation
Events or response sent from Bank3D carry theΒ HMAC property in the payload. The value of this property is a Hexadecimal HMAC256 hash of combinations of MerchantRef, CurrencyCode and Amount using MerchantSecret as the key. Verifying the HMAC property should be done before processing any transaction.
Sample Function to Get HMAC Value :
When to use webhooks
Updated almost 2 years ago