Webhook Integration
Webhook integration process
To keep your system up to date a webhook is utilized. This webhook is configured to a URL you specify.
Example payload
{
"QuoteId": "6762564a-2b3b-4080-81f5-11cde5d039b8",
"PaymentOptionId": "77a3a914-e759-42d4-9e7b-468ce22e1522",
"PlatformPaymentReference": "YourInvoiceIdentifier",
"Event": "Pay-in",
"Status": "Created",
"EventDateTime": "2022-05-10T09:23:27Z"
}
Special request header: ms-signature
To assure that the payload was sent from the Plusius system and that the payload has not been altered, we ask that you verify the signature.
The signature is a SHA256 hash. To verify the signature you must first extract the signature from the header ms-signature and the raw JSON body.
You will also need the secret key, which will be given to you.
Signature versioning
Note that we have versioning for our signature.
Example signature header: v1,51AD7AE793DCC900DF7C107DC8A412368596F2822DC6D354B5B321C698AE6652.
When validating the signature make sure to split to exclude “v1,”.
To verify the signature you must generate your own signature, by using the raw JSON body and the secret key.
How to generate signature?
Below is a C# .Net 5.0 example of how to generate the signature.
Validate signature method:
public bool ValidateSignature(string signature, string valueToDigest, string secretKey)
{
if (string.IsNullOrWhiteSpace(valueToDigest))
{
var msg = "ValidateSignature received a null or empty valueToDigest (SignatureService.ValidateSignature)";
this.logger.Log(msg, true);
return false;
}
if (string.IsNullOrWhiteSpace(secretKey))
{
var msg = "ValidateSignature received a null secretKey (SignatureService.ValidateSignature)";
this.logger.Log(msg, true);
return false;
}
var hashResult = "";
var secret = Encoding.UTF8.GetBytes(secretKey);
using (var hasher = new HMACSHA256(secret))
{
var data = Encoding.UTF8.GetBytes(valueToDigest);
var sha256 = hasher.ComputeHash(data);
hashResult = Convert.ToHexString(sha256);
}
this.logger.Log("Signature generated by our system = " + hashResult + " Signature that was sent = " + signature);
if (signature.ToUpperInvariant() == hashResult.ToUpperInvariant())
{
return true;
}
else
{
return false;
}
}
In this example the secretKey is the secret key that has been given to you.
The valueToDigest is the raw JSON body. The signature is the value of header ms-signature.
Once you have generated your hash, you need to compare it with the signature that you have received and the one you created. You need to verify that they have the same value.