Webhook - Security Scheme

On top of Webhook that the customer shall expose a security scheme should be provided to have access to this interface. Customer is responsible for validating KanduPay HMAC Signature. The signature will follow the same guidelines as the X-Signature used to access the API.

Following is the list of Headers that KANDU will send upon Webhook consumption.

X-Api-Key Api Key provided to you in the onboarding process

X-Timestamp Timestamp for the request in epoch

X-Nonce Unique Identifier for the Request

X-Signature HMAC-256 signature for the message.

Extra Line of Security

We recommend you to allow incoming connections to webhook only from our IPs. Please reach us out to provide you with our set of productive IPs.