Webhooks - Events and Configuration

Configure webhooks to receive funder profile event notifications and validate webhook payload signatures.

Webhooks - Funder

Use webhooks to receive notifications about events that occur in your profile, such as documents being signed.

When an event occurs, the system sends an HTTP POST request to all configured webhooks. The request contains information about the event and HATEOAS links that help you navigate your API to other resources related to the event type.

Our webhooks include a retry mechanism. We retry for two hours or until we receive the HTTP status 200 OK.

Your API must follow the idempotency principle because, in rare cases, the webhook may be delivered more than once.

Authentication

Authentication Token

You can define a header, a token type, and the token value for authentication.

For example:

Authorization: Bearer 6062949f-d17e-4e4d-b359-b3926544e2cc

Payload Validation

When you define an authentication token, Monkey uses it to generate a payload signature hash. This hash is sent in each request in the X-Hub-Signature header.

Monkey uses an HMAC Base64-encoded digest to calculate the hash. You can use the same mechanism to generate and validate the token.

Example:

import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Base64;

public class XHubHeaderUtils {

	public static boolean isValid(String secret, String payload, String xHubSignature)
			throws InvalidKeyException, NoSuchAlgorithmException {

		String digest = "HmacSHA256";
		Mac mac = Mac.getInstance(digest);
		mac.init(new SecretKeySpec(secret.getBytes(), digest));
		String computedHash = new String(Base64.getEncoder().encode(mac.doFinal(payload.getBytes())));

		return MessageDigest.isEqual(computedHash.getBytes(StandardCharsets.UTF_8),
				xHubSignature.getBytes(StandardCharsets.UTF_8));
	}

}
def isValid(secret, payload, verify):
	import hmac
	import hashlib
	import base64
	hashBytes = hmac.new(secret, msg=payload, digestmod=hashlib.sha256).digest()
	base64Hash = base64.b64encode(hashBytes)
	return hmac.compare_digest(verify, base64Hash)
using System;
using System.Text;
using System.Security.Cryptography;

public static class XHubHeaderUtils {
	
	public static bool isValid(string secret, string payload, string xHubSignature)
  {
		byte[] bytes = Encoding.UTF8.GetBytes(secret);
		HMAC hmac = new HMACSHA256(bytes);
		bytes = Encoding.UTF8.GetBytes(payload);
		String hash = Convert.ToBase64String(hmac.ComputeHash(bytes));
				
    return CryptographicOperations.FixedTimeEquals(Convert.FromBase64String(hash), Convert.FromBase64String(xHubSignature));
   }
  
}

IP Restriction

You can restrict requests using Monkey's IP addresses.

Staging: 34.192.48.76 and 34.192.8.231

Production: 34.194.174.23 and 23.21.183.94

Webhook Configuration

To receive these requests, configure a webhook. Access the platform and go to Settings -> Webhooks -> Configure.

Events

EventType (Registration)Type (Search)Description

Purchase Created

PURCHASE

PurchaseCreatedEvent

Triggers a request to /purchase when an operation is performed.

Purchase Created V2

PURCHASE_V2

PurchaseIntegratedEventV2

Triggers a request to /purchase when an operation is performed.

Signature completed/rejected by the Seller


SELLER_SIGNED


SELLER_NOT_SIGNED


SellerSignedEvent


SellerNotSignedEvent


Triggers a request to /seller-signature when the seller's legal representatives sign or reject an operation.

Purchase Finalized

PURCHASE_FINALIZED

PurchaseFinalizedEvent

Triggers a request to /purchase-finalized when an operation is performed.

Purchase Finalized V2

PURCHASE_FINALIZED_V2

PurchaseFinalizedEventV2

Triggers a request to /purchase when an operation is finalized.

Did this page help you?