Notifications
Notifications are sent to the merchant at different points in the payment flow. The notifications are sent to the notificationUrl that was specified in the init-payment request. The listening service must accept HTTPS. In order to increase security and mitigate attack vectors such as replay attacks, all notifications are sent using the Standard Webhooks specification.
All notifications are signed using a webhookSecret that can be obtained from the back-office. The signature is calculated using an ed25519 key pair.
The webhookSecret is the public key of the key pair used by the merchant to validate the signature of the notification.
The following headers are sent with the notification:
Webhook-Signature: The signature of the notification calculated using an ed25519 key pair.Webhook-Timestamp: The timestamp of when the notification was generated.Webhook-Id: A unique identifier for the notification.
Please see the Standard Webhooks specification for more information on how to verify the signature.
All notifications are sent as JSON objects with the following shape:
{
"type": "<notification type>",
"timestamp": "<timestamp of when the action was triggered>",
"data": {
// The data that is sent with the notification
}
}The merchant must respond to the notifications with a HTTP status code of 200 OK and a JSON response body. The response body must be a JSON object with the following fields:
notificationId: A unique identifier for the notification.
This is not part of the webhook specification, but is added as an additional safeguard to guarantee that the notifications have been received.
Important
Notification responses can not take longer than 5 seconds. If the response takes longer, the notification will fail and be resent at a later point in time.
Cancel Payment Notifications
The cancel payment notification is sent when the payment is explicitly cancelled by the user by clicking the “Close” button, when the payment fails due to some unexpected error, or the payment has timed out due to too long inactivity. If the user explicity closed the cashier, the user is redirected to the closePath that was specified in the init-payment request, and the notification is sent immediately following that action.
A typical cancel payment notification looks like this:
{
"type": "payment.cancel",
"timestamp": "2024-10-17T11:02:29.529533562Z",
"data": {
"id": "<notification-id>",
"transactionId": "<transaction-id>",
"merchantReference": "1234567890",
}
}Credit Notifications
The credit notification is sent when the payment is credited (increased) to the merchant. Please keep in mind that a credit notification does not mean that the payment has been completed and the merchant has received the money. The credit notification is sent when the payment is credited to the merchant, but the actual payment may not be completed yet.
A typical credit notification looks like this:
{
"type": "payment.credit",
"timestamp": "2024-10-17T11:02:29.529533562Z",
"data": {
"id": "<notification-id>",
"transactionId": "<transaction-id>",
"merchantReference": "1234567890",
"amount": "100.00",
"currency": "EUR"
}
}Merchant Confirmation Notification
The merchant confirmation notification will be sent to the merchant if the requireMerchantConfirmation flag is set in the inital payment request. This notification will be sent once the identity of the user has been confirmed, and gives the merchant the option to reject the payment prematurely.
A typical merchant confirmation notification looks like this:
{
"type": "merchant.confirmation",
"timestamp": "2024-10-17T11:02:29.529533562Z",
"data": {
"id": "<notification-id>",
"nationalIdentificationNumber": "197001016653"
}
}The response must look like the following:
{
"notificationId" "<notification-id>",
"status": "ACCEPTED or REJECTED"
}Warning
When using this notification type, keep in mind that the user experience will suffer if the response is not handled promptly.