job_id
.
metadata
property in the data.error_details []
array that contains the value of the metadata for the row in the submitted job file that produced the error.
x-pagos-signature
property containing an HMAC-SHA256 generated hash signature. We recommend always validating this signature to ensure your server only processes webhook deliveries sent by Pagos and to verify the delivery hasn’t been tampered with. This will help you avoid using server resources to process deliveries, or updating your source-of-truth systems based on messages that do not originate from Pagos, thereby helping to prevent man-in-the-middle attacks.
The x-pagos-signature
contains the webhook signature in the following format:
t=
from the x-pagos-signature
, a period (“.”), the contents of the body:
of the webhook payload, and the stored customer secret. This signature will be sent in the {signature-version}=
property of the x-pagos-signature
. The {signature-version}
will be initially set as “V1”, representing SHA256. If additional hashing algorithms are offered, then an additional {signature-version}
will be created representing these additional hashing algorithms.
To validate the webhook signature a customer should generate a webhook signature using the above process of concatenation of the timestamp value in t=
from the x-pagos-signature
plus a period “.” plus the contents of the body:
of the webhook payload and the stored customer secret. Then compare your signature with the signature value in {signature-version}={signature}
. If they match, you’re safe to process the webhook. If they don’t match, then the webhook should be dropped.
Example Webhook Message