Configuring legacy webhooks

To configure webhooks for a merchant, follow the steps below:

  1. Check Your Merchant's Role (Optional)

    In order to configure webhooks for a merchant, you must have administrator access to that merchant account.
    If you know that your user has sufficient rights, skip to step 2.

    To check your account's access rights, send a request to the Who am I endpoint
    in the User Management Service.

    In the example below, the user has authorization to configure webhooks for merchant ID 100039 only.

    Example Access Rights
    {
      "accessRights": {
        "merchantIds": {
          "100039": "A", // Admin access
          "100040": "W", // Write access
          "100068": "R" // Read-only access
        },
        "role": "A"
      }
    }
    
  2. Determine the Event Types

    See the Event types table and note the event types you would like to trigger a webhook.

  3. Post Configuration Information to Nexio

    Send a POST request to the Create legacy merchant webhooks endpoint.
    Include the merchant ID, the event type(s) you selected in step 2, and the endpoint to which the data will be sent.

    The example below configures a webhook to be sent to https://your-ecommerce-website.example.com when a transaction is authorized or refunded for merchant ID 100039

    Example Request
    curl -X POST https://api.nexiopaysandbox.com/webhook/v3/config \
      -H 'Content-Type: application/json' \
      -H 'Accept: application/json' \
      -H 'Authorization: Basic [Base64_encoded_login]'
      -d '{
      "merchantId": "100039",
      "webhooks": {
        "TRANSACTION_AUTHORIZED": {
          "url": "https://your-ecommerce-website.example.com"
        },
        "TRANSACTION_REFUNDED": {
          "url": "https://your-ecommerce-website.example.com"
        }
      }
    }'
    
  4. Check the Webhook's Configuration (Optional)

    To check the webhook configuration you completed in step 4, send a GET request to the View legacy merchant webhook configuration endpoint.

    Example Request
    curl -X GET https://api.nexiopaysandbox.com/webhook/v3/config/100039 \
      -H 'Accept: application/json' \
      -H 'Authorization: Basic [Base64_encoded_login]'
    
    Example 200 Response
    {
      "dateCreated": "2019-03-22T16:58:51.957Z",
      "webhooks": {
        "TRANSACTION_AUTHORIZED": {
          "url": "https://your-company-webhook-url-here.com"
        },
        "TRANSACTION_CAPTURED": {
          "url": "https://your-company-webhook-url-here.com"
        }
      },
      "merchantName": "My Company",
      "dateLastModified": "2019-04-04T18:54:58.011Z",
      "merchantId": "100039"
    }
    

  5. Configure the Merchant Secret (Optional)

    For additional security, you may set up a merchant secret.
    After the merchant secret is configured, you will be provided with a merchant secret and each webhook will include a header containing a signature.
    Use these to verify that all data received is authentic.

    To configure the merchant secret, send a POST request to the Create a merchant secret endpoint.
    Include the merchant ID to be configured in the body of your request.

    Example Request
    curl -X POST https://api.nexiopaysandbox.com/webhook/v3/secret \
      -H 'Content-Type: application/json' \
      -H 'Accept: application/json' \
      -H 'Authorization: Basic [Base64_encoded_login]'
      -d '{
      "merchantId": "100039"
    }'
    

    A successful request returns a response object containing the merchant secret. Store the secret in a secure location. You will use it later for signature verification (see step 3).

    Example Merchant Secret
    {
      "secret": "446946d5-bdd9-48c7-9504-0459d19c08e5"
    }
    

After you have configured the merchant secret, each webhook includes a signature header (see step 3).


Did this page help you?