Configure Ecommerce hosted checkout webhooks

United States
Canada

When generating an API token to use for the hosted checkout feature, merchants can configure a webhook setting using the following steps:

  1. From the Clover merchant dashboard, scroll down to Account & Setup.

  2. From the Account & Setup page, click API Tokens under Business Operations.

  3. Click the Configure page link. Perform this step only if the merchant has already generated an API token. Otherwise, click Create New Token for a hosted checkout integration.

  4. On the next page, configure the look-and-feel of the hosted checkout page, configure a Webhook URL and generate a signing secret for receiving Webhook messages after the customer has made a payment in the hosted checkout session.
    Now, when a hosted checkout payment is processed, a Webhook notification will be sent to the merchant’s configured Webhook URL. For example:
    Created Time
    Message - e.g., Approved for 100 or Decline for 100
    Status - APPROVED or DECLINED
    Type - PAYMENT
    Id - Payment UUID
    MerchantId - Merchant UUID
    Data - Checkout Session UUID

Clover-Signature Header

A message for a Webhook notification may also include a header called Clover-Signature. The value for the header is computed using the current time, payload and a Webhook secret. This allows developers to verify the authenticity of a Webhook message.

Do the following to validate the Clover-Signature header:

  1. Concatenate the message's timestamp, a period (.), and the raw request payload. For example, 1642599079.json, where json is the raw request body of the received Webhook message.
  2. Next, hash the resulting string via HmacSHA256 using your Webhook secret key.
  3. Compare the computed hash with the v1 signature value. If they match, then the validation is successful.
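
The validation steps above, as an added Python example (not Clover's own code). It assumes the header has the form `t=<unix timestamp>,v1=<hex signature>` and that the signature is hex-encoded; the function names, the `tolerance` freshness check and the sample values are constructed for illustration.

```python
import hashlib
import hmac
import time

def parse_header(header):
    """Assumed header layout: "t=<unix timestamp>,v1=<hex signature>"."""
    fields = {}
    for item in header.split(","):
        key, sep, value = item.strip().partition("=")
        if sep:
            fields[key] = value
    return fields

def compute_v1(timestamp, raw_body, secret):
    """HMAC-SHA256 over "<timestamp>.<raw body>", hex-encoded (assumed encoding)."""
    signed = timestamp.encode() + b"." + raw_body
    return hmac.new(secret.encode(), signed, hashlib.sha256).hexdigest()

def verify_clover_signature(header, raw_body, secret, tolerance=300, now=None):
    """Return True only when v1 matches the HMAC of the exact bytes received.

    tolerance (seconds) is an added freshness check, not a step from the page.
    """
    fields = parse_header(header or "")
    timestamp, received = fields.get("t"), fields.get("v1")
    if not timestamp or not received:
        return False
    try:
        age = abs((time.time() if now is None else now) - int(timestamp))
    except ValueError:
        return False
    if age > tolerance:
        return False
    expected = compute_v1(timestamp, raw_body, secret)
    # Constant-time comparison: do not use == on signatures.
    return hmac.compare_digest(expected.encode(), received.lower().encode())

# Constructed sample values, not real Clover data.
SECRET = "example-webhook-secret"
BODY = b'{"type":"PAYMENT","status":"APPROVED","message":"Approved for 100"}'
HEADER = "t=1642599079,v1=" + compute_v1("1642599079", BODY, SECRET)

if __name__ == "__main__":
    print(verify_clover_signature(HEADER, BODY, SECRET, now=1642599100))  # valid
    print(verify_clover_signature(HEADER, BODY + b" ", SECRET, now=1642599100))  # tampered
```

Pass the request body exactly as received: parsing the JSON and re-serializing it before hashing changes the bytes and makes a genuine message fail validation.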