6. Webhook Payload Authentication
This page goes into details of the authentication options available for your web hook.
There are two options available for payload verification:
Option 1 – Secret Key Authentication
Your webhook data payload will be sent along with a JWT token containing {secret: your_secret_key} as its payload. This token will be placed in the request header called x-payload-auth.
Option 2 – IP Whitelisting
It is recommended that you implement an IP whitelist to ensure that JSON payloads to your registered web hook are received only from the following authorized IPs.
IP1: Provided on request
IP2: Provided on request
Transaction notification payloads will be re-tried if your web hook response status code is other than 200. Re-trial will take place twice per hour and then stop at end of day (EOD).
NOTE: The http method for your web hook should be POST as it will be receiving a JSON payload
Webhook JSON Payload Samples
Bank Transfer (EFT)
{
"reference": "Smooth-Test-5cb7311e-efc2-e2dd-9e94-fvvb4a76932b",
"session_id": "100089040525101154000562534883",
"amount": 100,
"fee": 1.17,
"account_number": "4600577000",
"originator_account_number": "",
"originator_account_name": "Emeka Ajibade",
"originator_bank": "",
"timestamp": "2023-06-07T09:26:30.214Z",
"email": "[email protected]",
"transactionref": "vpayuserd9e34cff027a11877416861824430"
}
Card
{
"reference": "Smooth-Test-5cb7311e-1b93-665f-9e94-5d704a76932b",
"session_id": "Card-VPay-168612998852",
"amount": 90,
"fee": 1.17,
"originator_account_name": "Card Payment By ****7030 ([email protected])",
"timestamp": "2023-06-07T09:26:30.214Z",
"email": "[email protected]",
"transactionref": "vpayuser64804cff027a1187741686129919",
"transaction_status": "success" | "failed"
}
NOTE: The transaction_status property is either success or failed for Card payloads.
Last updated
Was this helpful?