API Overview

Webhooks Implementation Guide
- Recent Revisions to This Document
- VISA Platform Connect: Specifications and Conditions for Resellers/Partners

Introduction to Webhooks
- Webhooks Integration Overview
- Supported Products and Event Types

Set Up Your Security

Create REST API Keys
- Create a Shared Secret Key Pair
- Create a P12 Certificate

Create a Digital Signature Key

(Optional) Provide Your OAuth Credentials

Retrieve a List of Products and Events

Message-Level Encryption
- Preparing Your Workspace
- Generate Certificate and Key Pair
- Register the Certificate
  - Required Fields for Registering Your Message-Level Encryption Keys
  - Example: Registering Your Certificate
  - REST Interactive Example: Registering Your Certificate
- Security Best Practices
- Troubleshooting
- Viewing Certificate Details

Create a Webhook Subscription
- Create a Webhook Subscription
- Create a Webhook Subscription Using OAuth
- Create a Webhook Subscription Using OAuth with JWT
- Create a Sample Webhook Subscription

Optional Set-Up Tasks
- Webhook Health Check URL and Automatic Revalidation
- Configure the Retry Policy

Webhook Notification Field Descriptions

Example: Notification Payload

Manage Webhook Subscriptions Requests
- Retrieve the Details of a Webhook Subscription
- Retrieve All of an Organization's Subscriptions
- Update a Webhook Subscription
- Delete a Webhook Subscription
- Verify a Webhook Subscription's Configuration
- Activate a Webhook Subscription
- Deactivate a Webhook Subscription

Troubleshooting Webhook Subscriptions

On This Page

Security Best Practices

Here are some tips to ensure that your keys remain secure.

Store private keys in a secure location with restricted permissions.

Never commit private keys to version control.

Rotate certificates before expiration.

Use environment variables or secure vaults for production deployments.

Keep back-up copies of your private keys in a secure location.

Securing Your Private Key

Keep your request_private.pem
file secure. This private key is required to decrypt incoming webhook notifications. To modify the permissions so that only the file owner can read and write to the files, use this command:

chmod 600 request_private.pem

Back to top