Webhooks
Cardknox accounts can be configured to send notifications, known as webhooks, to a designated URL each time a transaction is processed on the account. These webhooks are sent as a series of key-value pairs, encoded in a POST request, and contain all the necessary information to identify the transaction and its status. The information included in these webhooks can be customized to fit your needs, and a complete list of available fields can be found in the "Response Parameters" section. The webhook and optional pin can be enabled in the Cardknox Portal.
See example below:
Form values | |
xEnteredDate |
|
xRefNum |
|
xCommand |
|
xAmount |
|
xResponseResult |
|
xMaskedCardNumber |
|
xExp |
|
xCardType |
|
xToken |
|
xSoftwareName |
|
xSourceKey |
|
xResponseBatch |
|
xMerchantID |
|
xMerchantName |
|
Raw Content
Webhook PIN
For security purposes and to prevent DDoS attacks, a pin can be set up when configuring the webhook. Cardknox will generate a hash and it will be included in the webhook header as "ck-signature". To validate the authenticity of a webhook on the recipient's end, follow the steps below to generate a hash and compare it to the "ck-signature". If your hash matches the "ck-signature" it confirms that the webhook originated from Cardknox.
URL Decode Data: URL decode the webhook data.
Normalize Key Case: Convert all parameter keys to lowercase to ensure case-insensitive sorting.
Sort Data Alphabetically: Sort the parameters alphabetically by their keys.
Extract Values: Extract the values from the sorted parameters.
Concatenate Values with PIN: Combine the extracted values with the webhook pin at the end.
Hash Concatenated String Using MD5: Apply the MD5 hashing algorithm to the concatenated string.
Pin Rules
The pin can only be AlphaNumeric
The pin must be at least 15 characters long
Last updated