Webhook Verification

For request requires webhook callback, we need to verify the given URL is owned by you.

當請求需要 Webhook 通知時，提供的 URL 地址需要先通過驗證

Verification Instruction

We will POST a http request to your URL with the following message inside request body

我們會傳一個 http POST 的請求到您提供的 URL 地址，請求會附上以下內容

{"topic": "webhook/verification"}

We expect your server responds a verification token in plain text, example as below

需要以plain text方式回傳驗證token以通過驗證，下方為例子

NjEzOWQzOTcwYzA5NzIwMDFjZjUyMTgw

When verification failed, request will be responded with error http status code 422.

如果驗證通過失敗，會收到錯誤http status code 422

We require different verification token based on the type of token you trigger the request

根據您請求使用的token種類，我們會要求您的 URL 回傳不同的驗證token以通過驗證

For request using developer center app token, verification token will be base64 encoded string of your developer application ID

使用來自developer center的APP token發出請求，驗證所需的token為 base64 編碼 的 app ID

For other token, verification token will be base64 encoded string of merchant ID

使用其他token發出請求，驗證所需的token為 base64 編碼 的商戶 ID

For request using developer center app token, event send to your URL will carry a signature in the query string like below

使用來自developer center的APP token發出請求，回傳的事件會包含簽署

https://your-endpoint/?sign={signature}

Signature generation uses same mechanism with developer webhook. Can refer to here

簽署的生成方式與developer webhook一樣，詳細生成方式請參考這裡