Webhook Authentication

Cabital will use the same method as API Authentication to generate the request signature when sending the request to Webhook URL.

Partner can validate the signature authorization as follows:

1. Get the values of request header parameters: ACCESS-KEY,ACCESS-TIMESTAMP,ACCESS-NONCE
2. Use the parameters from step 1 to compose the signature string
3. Use Secret Key (which provided by Partner) to encrypt the signature string
4. Compare the encrypt result from step 3 with the value of the request header parameter ACCESS-SIGN. If they're the same, is a success, otherwise, is a failure.

Notice

Please parse the callback payload before validation of request signature.