When generating an API token to use for the hosted checkout feature, merchants can configure a Webhook setting using the following steps:
- From the Clover merchant dashboard, scroll down to Account & Setup.
- From the Account & Setup page, click API Tokens under Business Operations.
- Click the Configure page link. Perform this step only if the merchant has already generated an API token. Otherwise, click Create New Token for a hosted checkout integration.
- On the next page, configure the look-and-feel of the hosted checkout page, configure a Webhook URL and generate a signing secret for receiving Webhook messages after the customer has made a payment in the hosted checkout session.
Now, when a hosted checkout payment is processed, a Webhook notification will be sent to the merchant’s configured Webhook URL. For example:
Created Time Message - for e,g,. Approved for 100 or Decline for 100 Status - APPROVED or DECLINED Type - PAYMENT Id: Payment UUID MerchantId - Merchant UUID Data - Checkout Session UUID
A message for a Webhook notification may also include a header called
Clover-Signature. The value for the header is computed using the
payload and a
Webhook secret. This allows developers to verify the authenticity of a Webhook message.
Do the following to validate the
- Append the message's timestamp with a period (
.), plus the raw request payload. For example,
jsonis the raw request body of the received Webhook message.
- Next, hash the value from the second string via
HmacSHA256using your Webhook secret key.
- Compare the two strings with the
v1signature value. If they match, then the validation is successful.
Updated 5 months ago