Webhooks - Events and Configuration
Configure webhooks to receive funder profile event notifications and validate webhook payload signatures.
Webhooks - Funder
Use webhooks to receive notifications about events that occur in your profile, such as documents being signed.
When an event occurs, the system sends an HTTP POST request to all configured webhooks. The request contains information about the event and HATEOAS links that help you navigate your API to other resources related to the event type.
Our webhooks include a retry mechanism. We retry for two hours or until we receive the HTTP status 200 OK.
Your API must follow the idempotency principle because, in rare cases, the webhook may be delivered more than once.
Authentication
Authentication Token
You can define a header, a token type, and the token value for authentication.
For example:
Authorization: Bearer 6062949f-d17e-4e4d-b359-b3926544e2cc
Payload Validation
When you define an authentication token, Monkey uses it to generate a payload signature hash. This hash is sent in each request in the X-Hub-Signature header.
Monkey uses an HMAC Base64-encoded digest to calculate the hash. You can use the same mechanism to generate and validate the token.
Example:
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Base64;
public class XHubHeaderUtils {
public static boolean isValid(String secret, String payload, String xHubSignature)
throws InvalidKeyException, NoSuchAlgorithmException {
String digest = "HmacSHA256";
Mac mac = Mac.getInstance(digest);
mac.init(new SecretKeySpec(secret.getBytes(), digest));
String computedHash = new String(Base64.getEncoder().encode(mac.doFinal(payload.getBytes())));
return MessageDigest.isEqual(computedHash.getBytes(StandardCharsets.UTF_8),
xHubSignature.getBytes(StandardCharsets.UTF_8));
}
}def isValid(secret, payload, verify):
import hmac
import hashlib
import base64
hashBytes = hmac.new(secret, msg=payload, digestmod=hashlib.sha256).digest()
base64Hash = base64.b64encode(hashBytes)
return hmac.compare_digest(verify, base64Hash)using System;
using System.Text;
using System.Security.Cryptography;
public static class XHubHeaderUtils {
public static bool isValid(string secret, string payload, string xHubSignature)
{
byte[] bytes = Encoding.UTF8.GetBytes(secret);
HMAC hmac = new HMACSHA256(bytes);
bytes = Encoding.UTF8.GetBytes(payload);
String hash = Convert.ToBase64String(hmac.ComputeHash(bytes));
return CryptographicOperations.FixedTimeEquals(Convert.FromBase64String(hash), Convert.FromBase64String(xHubSignature));
}
}IP Restriction
You can restrict requests using Monkey's IP addresses.
Staging: 34.192.48.76 and 34.192.8.231
Production: 34.194.174.23 and 23.21.183.94
Webhook Configuration
To receive these requests, configure a webhook. Access the platform and go to Settings -> Webhooks -> Configure.
Events
| Event | Type (Registration) | Type (Search) | Description |
|---|---|---|---|
Purchase Created | PURCHASE | PurchaseCreatedEvent | Triggers a request to /purchase when an operation is performed. |
Purchase Created V2 | PURCHASE_V2 | PurchaseIntegratedEventV2 | Triggers a request to /purchase when an operation is performed. |
Signature completed/rejected by the Seller |
|
| Triggers a request to /seller-signature when the seller's legal representatives sign or reject an operation. |
Purchase Finalized | PURCHASE_FINALIZED | PurchaseFinalizedEvent | Triggers a request to /purchase-finalized when an operation is performed. |
Purchase Finalized V2 | PURCHASE_FINALIZED_V2 | PurchaseFinalizedEventV2 | Triggers a request to /purchase when an operation is finalized. |
Updated 19 days ago
