Verify Webhook Signature
Signature verification is mandatory to ensure the webhook has not been tampered with in transit.
Overview
Signature verification is a crucial step in ensuring the authenticity and integrity of data received from webhooks. By verifying the signature provided in the webhook payload, you can confirm that the data originated from Dex3 servers and has not been tampered with during transit.
Process
Receive the signature from the webhook endpoint.
Construct Hash String: Concatenate the necessary parameters into a single string before applying the hash function. The parameters typically include:
order_id: The unique identifier for the order or transaction.
merchant_public: The public key of your merchant.
amount: The amount of the transaction.
hash: The hash of the transaction.
merchant_private: The private key of the merchant.
Apply Hash Function: Use a secure hashing algorithm such as SHA-256 to calculate the hash value of the before-hash string.
Compare Signatures: Compare the calculated hash value with the signature extracted from the webhook payload. If the two values match, the signature is considered valid, and the data integrity is confirmed. Do not continue if signatures do not match.
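One way to implement the steps above, as an added example that is not Dex3's own code. It assumes the parameters are concatenated in the order listed with no separator, that the signature is a lowercase hex SHA-256 digest, and that it arrives in a payload field named `signature` (a hypothetical name); confirm each of these against your integration.

```python
import hashlib
import hmac

# Assumption: fields are concatenated in the order the page lists them, no separator.
HASH_FIELDS = ("order_id", "merchant_public", "amount", "hash")


def build_hash_string(payload: dict, merchant_private: str) -> str:
    """Build the before-hash string: listed payload fields, then the private key."""
    missing = [f for f in HASH_FIELDS if f not in payload]
    if missing:
        raise ValueError(f"webhook payload is missing fields: {missing}")
    # Use values exactly as received: re-serializing the amount
    # (for example "10.50" -> 10.5) would change the hash.
    return "".join(str(payload[f]) for f in HASH_FIELDS) + merchant_private


def compute_signature(payload: dict, merchant_private: str) -> str:
    """SHA-256 over the before-hash string, as lowercase hex (encoding assumed)."""
    data = build_hash_string(payload, merchant_private).encode("utf-8")
    return hashlib.sha256(data).hexdigest()


def verify_webhook(payload: dict, merchant_private: str) -> bool:
    """Return True only if the payload's signature matches the computed one."""
    received = payload.get("signature")  # hypothetical field name
    if not isinstance(received, str):
        return False
    try:
        expected = compute_signature(payload, merchant_private)
    except ValueError:
        return False
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(expected.encode(), received.strip().lower().encode())


# Constructed sample data, not real keys or a real Dex3 payload.
SAMPLE_PRIVATE = "constructed-private-key"
SAMPLE = {
    "order_id": "ORD-1001",
    "merchant_public": "constructed-public-key",
    "amount": "10.50",
    "hash": "0xabc123",
}
SAMPLE["signature"] = compute_signature(SAMPLE, SAMPLE_PRIVATE)

if __name__ == "__main__":
    print("valid:", verify_webhook(SAMPLE, SAMPLE_PRIVATE))
    print("tampered:", verify_webhook({**SAMPLE, "amount": "9999.00"}, SAMPLE_PRIVATE))
```

Keep the merchant private key in server-side secret storage and reject the request before any order processing when `verify_webhook` returns False.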