API Overview

Webhooks Implementation Guide
- Limited Availability Release
- Recent Revisions to This Document
- VISA Platform Connect: Specifications and Conditions for Resellers/Partners

Introducing Webhooks
- Webhooks Benefits
- Webhooks Requirements
- Webhooks Workflow Options

Set Up Webhooks
- Subscribing to Webhooks Using Mutual Trust
  - Setting Up Server Security
  - Create a Shared Secret Key Pair
  - Requesting a Digital Signature Key
    - Required Fields for Requesting a Digital Signature Key
    - Example: Requesting a Digital Signature Key
  - Products and Events
    - Requesting a List of Products and Events
    - Example: Requesting a List Products and Event
  - Subscribing to Webhooks Using Mutual Trust
    - Required Fields for Subscribing to Webhooks Using Mutual Trust
    - Optional Fields for Subscribing to Webhooks Using Mutual Trust
    - Example: Creating a Webhook Subscription Using Mutual Trust
    - Notification Scope
    - Webhook Health Check and Automatic Revalidation
    - Subscription Status
    - Product and Event Types
  - Notification Format
    - Example: Notification Payload
- Subscribing to Webhooks Using OAuth
  - Setting Up Server Security
  - Create a Shared Secret Key Pair
  - Requesting a Digital Signature Key
    - Required Fields for Requesting a Digital Signature Key
    - Example: Requesting a Digital Signature Key
  - Sending OAuth Credentials
    - Required Fields for Sending Your OAuth Credentials
    - Example: Sending Your OAuth Credentials
  - Products and Events
    - Requesting a List of Products and Events
    - Example: Requesting a List Products and Event
  - Subscribing to Webhooks Using OAuth
    - Required Fields for Subscribing to Webhooks Using OAuth
    - Optional Fields for Subscribing to Webhooks Using OAuth
    - Example: Creating a Webhook Subscription Using OAuth
    - Notification Scope
    - Webhook Health Check and Automatic Revalidation
    - Subscription Status
    - Product and Event Types
  - Notification Format
    - Example: Notification Payload
- Subscribing to Webhooks Using OAuth with JWT
  - Setting Up Server Security
  - Create a P12 File
  - Requesting a Digital Signature Key
    - Required Fields for Requesting a Digital Signature Key
    - Example: Requesting a Digital Signature Key
  - Sending OAuth Credentials
    - Required Fields for Sending Your OAuth Credentials
    - Example: Sending Your OAuth Credentials
  - Products and Events
    - Requesting a List of Products and Events
    - Example: Requesting a List Products and Event
  - Subscribe to Webhooks Using OAuth with JWT
    - Required Fields for Subscribing to Webhooks Using OAuth with JWT
    - Optional Fields for Subscribing to Webhooks Using OAuth with JWT
    - Example: Creating a Webhook Subscription Using OAuth with JWT
    - Notification Scope
    - Webhook Health Check and Automatic Revalidation
    - Subscription Status
    - Product and Event Types
  - Notification Format
    - Example: Notification Payload

Managing Subscriptions
- Retrieving the Details of a Webhook Subscription
  - Example: Retrieving the Details of a Webhook Subscription
- Retrieving an Organization's Subscriptions Using the Product and Event
  - Required Query Parameters for Retrieving an Organization's Subscriptions Using the Product and Event
  - Example: Retrieving an Organization's Subscriptions Using the Product and Event
- Updating a Webhook Subscription
  - Example: Updating a Webhook Subscription
- Deleting a Webhook Subscription
  - Example: Deleting a Webhook Subscription
- Testing a Webhook Subscription
  - Example: Testing a Webhook Subscription
- Activating a Webhook Subscription
  - Example: Activate a Webhook Subscription
- Deactivating a Webhook Subscription
  - Example: Deactivate a Webhook Subscription

Troubleshooting Webhook Subscriptions

Create REST API Keys
- Create a P12 File
- Create a Shared Secret Key Pair

Requesting a Digital Signature Key

Product and Event Types
- Requesting a List of Products and Events

Optional Tasks
- Notification Validation
  - Digital Signature Format
  - Validating a Notification
  - Example: Validating a Notification
- Retry Policy
  - Example: Retry Policy in a Subscription Request
- How to Trigger a Test TMS Event
  - Test Webhook Notification

On This Page

Validating a Notification

To validate a notification, you must use the digital signature key to generate your own signature and match it with the signature in the notification. For information on requesting digital signature keys, see these topics:

Requesting a Digital Signature Key for Mutual Trust

Requesting a Digital Signature Key for OAuth

Requesting a Digital Signature Key for OAuth with JWT

The digital signature of the notification is contained in the

sig

parameter of the

v-c-signature

header of the notification.

When you sent the API request that created the digital signature key, you received a response that contains a

keyInformation

array. The

keyInformation

array contains a

keyinformation.key

field which contains the digital signature key and a

keyinformation.keyId

field that identifies the digital signature key. The

keyinformation.key

field is required to generate your own signature, which you can use to validate the notification's signature.

Follow these steps to validate the integrity of a notification.

Split the signature by semicolon and extract

t

,

keyId

, and

sig

.

Use

keyId

to fetch the digital signature key.

Generate the payload by concatenating the timestamp with a period character (.) and the payload from the body of the notification.

Use the SHA256 algorithm to encrypt the generated payload from Step 3 using the key from Step 2.

Verify that the encrypted value matches the value in

sig

.

Back to top