Webhooks Authorization

Generate Webhook Signature Token

Whitepay Webhooks utilizes Signature Token for signing Requests which sends to Webhook Targets. Webhooks are divided into general and webhooks related to payment pages. You can get your Signature Token on Tokens settings page in CRM for general webhook settings or on Payment page settings page for payment page webhook settings.

General webhook settings

General webhook settings

Payment page webhook settings

Payment page webhook settings

Signature Validation

Each webhook request includes Signature header.

Security Tip

Before process data from Webhook's body, you should validate Signature header with locally signed payload.

const { HmacSHA256 } = require('crypto-js');
const payloadJson = JSON.stringify(payload)
const signature = HmacSHA256(payloadJson, secret).toString()

secret - Signature key from CRM Settings page

payload - Request body