X-Encoded-Data
. Computed using an
HMAC-SHA-256 of X-Encoded-Data
with the integrityKey
assigned to the
merchant.payin-link.update
, payin-source.update
,
payin-request.update
, payout-target.update
, payout-request.update
X-Encoded-Data
and X-Signature
.X-Signature
is an HMAC with the SHA256 hash function of X-Encoded-Data
. Compute an HMAC-SHA-256 of X-Encoded-Data
with the integrityKey
assigned to you, and compare it to X-Signature
. If the computed signature and X-Signature
are not equal, the signature is invalid.X-Encoded-Data
is a Base64 encoded string. Decode it and parse it into a JSON object. If the signature was correct in step 2, you can trust the data in this JSON.webhookId
. If you see the same webhookId
in the future, you can safely ignore it.