2024-04-11 Upcoming Documentation Change

Enhanced Webhook Security

We will be making an improvement to our webhook security by adding a signing key to securely identify payloads from Aeropay. With this change, there will be a new endpoint POST /createWebhookSigningKey to create a webhook signing key that can compared against the hashed webhook payload.

Generating and using the webhook signing key is optional but highly recommended for security. Further information on how to generate and use a webhook signingKey will be in our documentation soon.

Webhook Payload Change

With this webhook security update, webhook payloads sent from Aeropay will now include a date parameter in addition to topic and data. This additional parameter is necessary to hash the webhook payload, url, and date and validate against your signingkey.

(NEW) Example Webhook Body

"topic": "transaction_declined",
"data": {
   "status": "nsf",
   "createdDate": "1702937461",
   "title": "Online Transaction,
   "amount": "20.00",
   "paymentType": "payout",
   "attributes": [],
   "apFee": "1.00",
   "uuid": "9545fcfb-1479-4db7-98c9-f15c368cb4ee",
   "userId": "1485",
   "merchantId": "1057",
   "id": "21204",
   "locationId": "1147",
   "returnCode": "R01"
},
"date": "2024-04-05 15:25:49" // new payload parameter