Webhooks

The API offers webhook functionality for all transaction types.

Webhooks Setup

In order to start receiving webhooks, a URL must be configured in the admin console.

Requirements

In order the facilitate the secure transmission of data between our servers and yours, the callback URL you provide us must begin with https://.

Data Forwarded to Callback URL

Below is an example of the headers included in the POST request we’ll make on any of the data types listed here: Transaction Data Types.

{
   "headers": {
      "Content-type": "application\/json;charset=utf-8",
      "X-PayJoy-Signature": "pTHES8rnlmzyW4LGlArQPnKnCDkTcY8Y6FYf/a8rrE0="
   },
   "content": {
      "..." : "..."
    }
}

As you can see, we will include an X-PayJoy-Signature header with each request.

The signature itself is a base64 encoded hash of the content (see above) of the request and your Payjoy API Key using the HMAC SHA256 standard (click here to learn more). As such, to verify the signature is correct (i.e. that the request was indeed sent from Payjoy and intended for your consumption), all you have to do is:

1. Create a hash of the request content using an HMAC SHA256 algorithm
2. Base 64 encode the result of step 1
3. Compare the result of step 2 to the signature in the request itself. The two should be the same.