Introduction Last updated: 2020-04-21

This is a simple documentation for the API that was discussed its main purpose is to document and provide general information not contained on the OpenAPI v2 docs/specification.

Authentication

Authorization is done via basic auth.

The credentials used: live/test mode have an impact on the objects that are created, and for the webhooks - a sha hmac validation is used

Both the live and test mode have the following credentials:

  • apiKey
  • apiSecret
  • webhookSecret - used to do the validation

Live/test mode

The credentials use (either the live or test ones) will have an impact on the Merchant's testMode parameter

Webhooks

Two webhooks are called on the destionation:

  1. MerchantStatus - called everytime a merchant's status changes (due to DRVE or Stripe invocations)
  2. TransactionInfo - everytime a payment or a refund is made

Validation

Every request contains a x-gateway-hmac-sha256 header with a base64 string of a HMAC Sha256 of the raw body of the request

This HMAC is signed using the webhookSecret detailed above

.

Example code to validate the request below:

Data structures

Given OpenAPI's v2 specification limitations (and the inability to easily use v3 with Callbacks) - the data structures are provided below:

Section Item 4.3

Some examples of invocations of the MerchantStatuscan be seen here - Webhook Secret used: asldslakjdkj123lkj123

Examples of TransactionInfo invocations should be made available soon

Testing

Usage of a website like Webhook site is highly recommended

Upon creating a Merchant - the MerchantStatus webhook is already called

To be able to allow testing of the TransactionInfo webhook you can use the following site:

TransactionInfo Webhook testbed