Configure Ecommerce hosted checkout webhooks
United States
Canada
When generating an API token to use for the hosted checkout feature, merchants can configure a webhook setting using the following steps:
- From the Clover merchant dashboard, scroll down to Account & Setup.
- From the Account & Setup page, click API Tokens under Business Operations.
- Click the Configure page link. Perform this step only if the merchant has already generated an API token. Otherwise, click Create New Token for a hosted checkout integration.
- On the next page, configure the look-and-feel of the hosted checkout page, configure a Webhook URL and generate a signing secret for receiving Webhook messages after the customer has made a payment in the hosted checkout session.
Now, when a hosted checkout payment is processed, a Webhook notification will be sent to the merchant’s configured Webhook URL. For example:
Created Time
Message - for e,g,. Approved for 100 or Decline for 100
Status - APPROVED or DECLINED
Type - PAYMENT
Id: Payment UUID
MerchantId - Merchant UUID
Data - Checkout Session UUID
Clover-Signature Header
A message for a Webhook notification may also include a header called Clover-Signature
. The value for the header is computed using the current time
, payload
and a Webhook
secret. This allows developers to verify the authenticity of a Webhook message.
Do the following to validate the Clover-Signature
header:
- Append the message's timestamp with a period (
.
), plus the raw request payload. For example,1642599079.json
, wherejson
is the raw request body of the received Webhook message. - Next, hash the value from the second string via
HmacSHA256
using your Webhook secret key. - Compare the two strings with the
v1
signature value. If they match, then the validation is successful.
Updated 2 months ago