Webhooks
This section shows you how our webhook service works, what it delivers and explains its messages.
Last updated
Was this helpful?
This section shows you how our webhook service works, what it delivers and explains its messages.
Last updated
Was this helpful?
To properly receive incoming webhooks, your server should provide an endpoint supporting:
POST requests are either raw in text/plain if message was encrypted by your configured secret or application/json if no secret was set
You can use a service like e.g. to test receiving webhooks from your developer dashboard.
Webhooks are a crucial node to ensure the functionality of your integration, as such, they can be the target of a malicious user aiming to disrupt the service. In order to protect your application from these threats, you must include a 32 bytes-long secret in your webhook configuration, which will be used to encrypt the request body.
When you enable Encryption, the Webhook message is sent as text/plain. Below you'll find an example of how to decipher an incoming webhook request. The cipher initialization vector will be sent over as a 16 bytes metadata (header) of the response.