Introduction to Webhooks

Webhooks notify you about events related to an account
Introduction to Webhooks
 last updated: 
July 19, 2022

You can configure webhook endpoints via the API and listen for events. That way, you don't need to poll the API for updates. Webhooks allow Solid to notify customers of changes to various resources in the Solid Platform. Such changes would include KYC, KYB, and transaction updates. In order to secure our webhook events we are signing the HTTP request body with an HMAC using the secret as the signing key.

Webhook Secret

Every webhook created has a secret that's used to sign requests with a signature header allowing listeners to validate requests.

Signature matching the HMAC

All Solid webhook request messages are sent with a sd-webhook-sha256-signature header key which should be used to validate the message payload. The algorithm calculates the HMAC of the HTTP request body in bytes using the webhook secret as the key (via SHA-256). If the calculated HMAC matches the value in the sd-webhook-sha256-signature then the message should be considered a valid Solid message. If the HMAC validation fails the message should be discarded.

This section contains the following documentation:

The Webhook object
List all Webhook events
Create a Webhook
Update a Webhook
Retrieve a Webhook
Retrieve a Webhook Secret
List all Subscribed Webhooks
Delete a Webhook
Webhook samples
Card RTA Webhooks
ACH RTA Webhooks