Configuring Ecomm hosted checkout webhooks

When generating an API token to use for the hosted checkout feature, merchants can configure a Webhook setting using the following steps:

  1. From the Clover merchant dashboard, scroll down to Account & Setup.
  1. From the Account & Setup page, click API Tokens under Business Operations.
  1. Click the Configure page link. Perform this step only if the merchant has already generated an API token. Otherwise, click Create New Token for a hosted checkout integration.
  1. On the next page, configure the look-and-feel of the hosted checkout page, configure a webhook URL and generate a signing secret for receiving webhook messages after the customer has made a payment in the hosted checkout session.
    Now, when a hosted checkout payment is processed, a webhook notification will be sent to the merchant’s configured webhook URL. For example:
Created Time
Message - for e,g Approved for 100 or Decline for 100
Id: Payment UUID
MerchantId - Merchant UUID
Data - Checkout Session UUID

Clover-Signature Header

A message may also include a header called Clover-Signature. Its value is computed using the current time, payload and a webhook secret. This allows developers to verify the validity of a webhook message. Do the following to validate the Clover-Signature header:

  1. Append the timestamp + a ".", plus the raw request payload. For example, 1642599079.json, where json is the raw request body of the received webhook message.
  1. Use HmacSHA256 with your webhook secret key.
  2. Compare the string from two with the v1 signature value. You are successful if they match.

Did this page help you?