LogoLogo
StatusChangelogDashboardCreate a Ticket
  • Getting Started
  • Intro to APIs
  • How to Contact us
  • How to Go-Live
  • Intro to Risk
  • Intro to Spec Sheets
  • Product Guides
    • Deposit Hub
      • 🌎Global Cash
    • Credit Hub
    • Payment Accounts
    • ID Score
  • API References
    • OAuth
      • OAuth Object Details
      • Create OAuth Key
      • Generate Refresh Token
    • Users
      • User Object Details
      • Testing on UAT
      • View All Users
      • View User
      • Create User
      • Update User
      • Generate UBO Doc
      • Manage Duplicates
      • Allowed Document Types
      • Allowed Entity Scopes
      • Allowed Entity Types
    • Nodes
      • Node Object Details
      • Testing on UAT
      • View all User Nodes
      • View Node
      • Create Node
      • Update Node
      • Generate eCash Barcode
      • Allowed Node Types
      • View ATMs
    • Subnets
      • Subnet Object Details
      • Testing on UAT
      • View all Node Subnets
      • View Subnet
      • Create Subnet
      • Update Subnet
      • Push to Wallet
    • Shipments
      • Shipment Object Details
      • View all Subnet Shipments
      • View Shipment
      • Create Shipment
      • Cancel Shipment
    • Statements
      • Statement Object Details
      • View all User Statements
      • View all Node Statements
    • Transactions
      • Transaction Object Details
      • Testing on UAT
      • View all User Transactions
      • View all Node Transactions
      • View Transaction
      • Create Transaction
      • Create Batch Transactions
      • Cancel Transaction
      • Retry ACH Transaction
      • Dispute Chargebacks
      • Dispute Transaction
    • Subscriptions
      • Subscription Object Details
      • Webhook Object Details
      • Testing on UAT
      • View all Subscriptions
      • View Subscription
      • Create Subscription
      • Update Subscription
      • View Webhook Logs
    • Miscellaneous
      • Dummy Transactions
      • Verify Address
      • Verify Routing Number
      • International WIRE-INT Required Data by Country
      • View Billers
      • View Enriched Data
      • Loan Limits
      • Transaction Decisioning
      • 3D Secure
      • Virtual Terminal
      • Pre-Authorization
      • Card Disputes Guide
      • Mobile Wallets
      • Interchange Revenue
      • Enrichment Guide
  • Developer Guides
    • User Onboarding
      • Create User Flow
      • Authenticate as the User
      • Create Node Flow
        • Cash Advance
        • Credit Builder Loan
        • One Time Loans
        • Secured Open Loans
        • Secured Revolving Loans
        • Unsecured Revolving Loans
      • Create Subnets Flow
        • Creating Cards
        • Creating AC/RT
      • Linking External Accounts
        • Linking Cards
        • Linking External Bank Account
      • Add Additional Documents
    • Account Details
      • Displaying Balances
      • Transaction History
      • Transaction Details
      • Account Agreements
      • Node Statements
      • Card Details
    • Managing Cards
      • Card Preferences
      • Setting PIN
      • Mobile Wallet Flow
        • Integrate with Apple Pay
        • Integrate with Google Pay
        • Integrate with Samsung Pay
      • Shipping Cards
    • Originating Transactions
      • Sending Fed Wires
      • Sending ACH Transfers
      • Sending International Wires
      • Deposit a Check
      • Issuing Checks
      • Recurring Transactions
      • 3rd Party Payment Accounts
      • Cancelling Transactions
      • Exceeding Origination Limits
    • Receiving Transactions
      • Transaction Decisioning
      • Receiving ACH / Wires
      • Card Transactions
      • Exceeding Inbound Limits
    • Managing Disputes
      • ACH Disputes
      • Card Disputes
    • 3rd Party Integrations
      • Payment Integrations
      • Account Aggregators
      • 3rd Parties & Compliance
  • Recipes
    • Overdraft Protection
    • Social Banking
    • Monetizing Transactions
Powered by GitBook
On this page
  • Webhook Format
  • Webhook URL Response Object
  • HMAC for Webhooks

Was this helpful?

Export as PDF
  1. API References
  2. Subscriptions

Webhook Object Details

Webhook Format

Key

Type

Description

_id.$oid

String

Object ID of webhook

client_id

String

Object ID of Client

date

Integer

Date webhook was created (milliseconds since Unix epoch time)

function

String

Resouce | Method

http_response_code

String

Response code from webhook URL

http_response_text

String

Response text from webhook URL

http_responses[]

Array

List of response data from webhook URL. See Webhook Response Object (below) for more information.

http_url

String

URL webhook was sent to

object_id

String

Object ID attached to resource type

safe_obj._id.$oid

String

Object ID of resource

safe_obj._rest

Object

Contains information about the resource (node, transaction, user, subnet objects)

safe_obj.webhook_meta

Object

Contains information about webhook subscription updates (e.g. who the object was updated by, function used to perform the update, etc)

safe_obj.webhook_meta.function

String

The function associated with the webhook (e.g. "NODE|PATCH")

safe_obj.webhook_meta.log_id

String

The ID of the log associated with the webhook

safe_obj.webhook_meta.updated_by

String

Who updated the webhook subscription (e.g. "SELF", "BACKEND, etc)

safe_obj.webhook_meta.date.$date

Integer (milliseconds since Unix epoch time)

The wehbook creation date

safe_obj_hash

String

Hashed object information

updated_by

String

For internal use

Best key to Query The _rest key is the best key to query by, as it matches what you receive from the API.

Webhook URL Response Object

Key

Type

Description

date

Integer

Date webhook received a response from webhook URL. Use of this value is recommended for ordering webhook responses when receiving them from Synapse.

http_response_code

String

Response code from webhook URL

http_response_text

String

Response text from webhook URL

http_url

String

URL webhook was sent to

HMAC for Webhooks

Every webhook is signed with HMAC.

HMAC is a protocol that helps you judge the authenticity of the received message. This comes in handy when you want to quickly find out whether the webhook was sent by Synapse or a malicious/notorious party.

The signature is a SHA-1 and SHA-256 HMAC hash of the object_id + your client_id, with the secret key as your client_secret.

Please note: Python (FullBody) uses the entire body of a webhook to create a signature, which can be used to rebuild a X-Synapse-Signature-SHA256-FullBody signature.

You will be able to rebuild the signature the following way:

import hmac 
from hashlib import sha1, sha256

key = 'your_client_secret'
raw = '{0}+{1}'.format(payload['_id']['$oid'],'your_client_id')

hashed_sha1 = hmac.new(key, raw, sha1)
hashed_sha256 = hmac.new(key, raw, sha256)

# The signature
print hashed_sha1.hexdigest()
print hashed_sha256.hexdigest()
import hmac
from hashlib import sha1, sha256
import json

payload = {"key": "value"}

webhook = json.dumps(payload,sort_keys=True).encode('utf-8')

key = bytes('your_client_secret','utf-8')

hashed_sha256 = hmac.new(key, webhook, sha256)

# The signature
print(hashed_sha256.hexdigest())

Please note that raw should look like this (with +): 563db3fb86c27307d925871f+e3f19e4bd4022c86e7f2

Not like this (without +): 563db3fb86c27307d925871fe3f19e4bd4022c86e7f2.

Since the SHA-1 signature is in hex, it should look like this:5bce964c20b0c36313d8f7cffc2ff4772d0c96750

We then take this signature and add it into the header of the request with name X-Synapse-Signature and X-Synapse-Signature-Sha256.

PreviousSubscription Object DetailsNextTesting on UAT

Last updated 2 years ago

Was this helpful?