Skip to main content

Webhook Configuration

  1. Merchant should expose a https endpoint that should be reachable in public internet.
  2. Merchant should validate the request using the Authorization token that comes as part of the request header. The authorization token is a JWT token. A public key for validating the token will be provided as a part of Merchant onboarding by CCG team.

Validating the JWT Authorization Token

The JWT token will be sent as Authorization Header in the HTTPS request.

# Header
Authorization:Bearer eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJ7bWVyY2hhbnRJZH0iLCJpYXQiOjE1MTYyMzkwMjIsImV4cCI6MTUxNjI0OTAyMn0.188mvtjbW1xf6fCFNun0ZjlreckxFnUEEGZO-rvvdp3II-70C-M_W7QP6Dm7B57qnZJq6lPWxCjJnbF3hkTtAg

The JWT token should be validated for

  1. Expiry
  2. Signature

The JWT tokens will be signed using ES256 (Eliptical Curve Cryptography with 256 bit hashing) algorithm.