Webhooks Integration Guide

Webhooks Integration Guide

Notification content and structure

The notification body contains the type of notification and its payload.

  "type": [notification_type],
  "action": [status],
  "payload": [content]
type Type of the notification
  • PAYMENT This type of notification is sent when a payment is created or updated in the system.
  • REGISTRATION This type of notification is sent when a registration is created or deleted.
  • RISK This type of notification is sent when a risk transaction is created or deleted.
action Indicator of status change. This field is available only if the type is REGISTRATION.
  • CREATED when registration has been created.
  • UPDATED when registration has been updated.
  • DELETED when registration has been deleted.
payload Content of the notification. If the notification type is payment or registration, the payload's content will be identical to the response you received on the payment or registration. JSON required

Example - payment

      "descriptor":"3017.7139.1650 OPP_Channel ",
         "description":"Request successfully processed in 'Merchant in Integrator Test Mode'"
         "holder":"Jane Jones",
      "buildNumber":"ec3c704170e54f6d7cf86c6f1969b20f6d855ce5@2015-12-01 12:20:39 +0000",
      "timestamp":"2015-12-07 16:46:07+0000",

Example - registration

   "action": "CREATED",
         "description":"Request successfully processed in 'Merchant in Integrator Test Mode'",
         "randomField1315125026":"Please allow for new unexpected fields to be added"
         "holder":"Jane Jones"

      "timestamp":"2016-04-06 09:45:41+0000",

Example - risk

 "type": "RISK",
  "payload": {
    "id": "8ac9a4a86461239601646522acb26523",
    "referencedId": "8ac9a4a86461239601646522aaf96510",
    "paymentType": "RI",
    "paymentBrand": "VISA",
    "presentationAmount": "0.0",
    "result": {
      "code": "000.000.000",
      "description": "Transaction succeeded"
    "card": {
      "bin": "420000",
      "last4Digits": "0000",
      "holder": "Jane Jones",
      "expiryMonth": "03",
      "expiryYear": "2025"
    "authentication": {
      "entityId": "8a8294174b7ecb28014b9699220015ca"
    "redirect": {
      "parameters": []
    "risk": {
      "score": ""
    "timestamp": "2018-07-04 11:52:08+0000",
    "ndc": "8a8294174b7ecb28014b9699220015ca_b1539494024c411684b544574716e608"


The content of notification is encrypted to protect data from fraud attempts. When converting human-readable string to hexadecimal format, we use UTF-8.

Encryption algorithmAES
Key [secret of listener] (64-character-long hexadecimal string in configuration)
Key length256 bits (32 bytes)
Block modeGCM
Initialization vectorIn HTTP header (X-Initialization-Vector)
Authentication tagIn HTTP header (X-Authentication-Tag)

Format of body: Hexadecimal
Format of Initialization Vector: Hexadecimal


{"type": "PAYMENT"}

Payload in Hexadecimal (after getting bytes in UTF-8)

Key in Hexadecimal

Initialization-Vector (Hexadecimal)

Authentication-Tag (Hexadecimal)

Encrypted value in Hexadecimal

Responding to Notifications

When your service receives a webhook notification, it must return a 2xx HTTP status code. Otherwise, the webhook service considers the notification delivery as failed, and will retry to send the notification later.

Protocol Details

Protocol HTTPS (HTTP is allowed on test systems only)
HTTP method POST
Content type text(text/plain)