Webhooks are HTTP callbacks that notify you of all events you subscribed for on an entity.

Events can be payments, state changes to payments or transactions connected to a payment (e.g. a chargeback).

For PCI compliance, SSL connections using untrusted certificates are not allowed. Please ensure you have a valid SSL certificate chain. Self-signed certificates are not valid.


This article gives you an overview and is supported by our main integration documentation for card payments webhooks, available below:


For more information refer to Card Payment Webhooks Developer Documentation 


Once you are ready, please send the following details to [email protected] to get your webhooks registered and receive a decryption key :


  • Technical email address
  • Webhooks URL (must be HTTPS in LIVE) 
  • Payment types to receive notifications for (eg. Debits, refunds etc)
  • Indicate your preference for JSON wrapped notifications or plain text


Some additional notes on webhook integration:


1. Upon receiving the notification to your webhook url the system will expect an HTTP 200 response.
2. Only webhooks sitting on port 80 and port 443 are guaranteed to work
3. In order to register the webhook, we send a test notification to see if the webhook is configured correctly on your side. If either one of the first two points above is not satisfied, registration will fail.
4. The test notification is a 206 character HTTP Post (Content-Length=206)
5. We require that you test the webhook in the TEST system before configuring it for LIVE.


 


An example notification looks like this:


HEADERS




X-Authentication-Tag: 9CDE76F1E157428D3CFF8CBCB5E5BFED


Accept-Encoding: gzip


Cf-Connecting-Ip: 213.131.241.51


X-Dynatrace: FW1;-1;-2107993456;7056;15;-2107993456;7056;3


X-Initialization-Vector: F0B3A54CC4043F28BE7CA326


Content-Type: application/json; charset=UTF-8


X-Request-Id: 67c70736-b4b6-4369-84a2-ecaf00e7f0ec


Content-Encoding: UTF-8


Cf-Ray: 3a86a01909170f75-FRA


Via: 1.1 vegur


Connect-Time: 0


Cf-Ipcountry: DE


User-Agent: Apache-HttpClient


Content-Length: 206


Total-Route-Time: 0


Cf-Visitor: {"scheme":"https"}


Connection: close


Host: requestb.in


RAW BODY

{"encryptedBody":"12C148F1C9C1AEA110A5E9DAC8EABDF994BA6314387C2B3ABB29CF37A64C7D7F6E579A8E7EA7498BA3DF07CA1DFF5F07BE7BFD0DB4C8E7D20AA8860D2E990E1EB0C7BB804A09FE6A6658E9ED7B959575B61C52F7AB65C1B68D4D11F166"}