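- New platform
This article gives a brief introduction to configuring asynchronous webhook notifications. It covers how to configure a webhook, common webhook types with examples, and the security mechanisms: IP allowlisting, verification of the Authorization header, and signature verification with a code sample.
Official documentation: https://www.checkout.com/docs/reporting-and-insights/webhooks
How to configure a webhook
Merchants can configure webhooks directly in the Hub. The steps are as follows:
Step 1: Log in to the Hub.
Step 2: Open Settings -> Channels.
Click "New Webhook" in the lower-right corner to add one.
Step 3: Enter the URL of your endpoint that receives asynchronous webhook notifications, select API version v2.0, and tick the webhook types your business needs.
Step 4: Finish the configuration. Click the webhook to view its configuration and the Private shared key. This key appears in the HTTP header of every webhook request and can be used for security verification.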

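Common webhook types
We recommend adding the following webhook types, especially those highlighted in green:
| Webhook type | Description |
|---|---|
| Payment approved | Authorization succeeded, awaiting capture |
| Payment captured | Capture succeeded (funds debited) |
| Payment declined | Payment failed |
| Payment refunded | Refund succeeded |
| Payment refund declined | Refund failed |
| Payment chargeback | A chargeback occurred |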
Examples:
HTTP Header:
| Header | Value |
|---|---|
| authorization | 9b715918-466e-421f-b9f0-b03a6fbe4d60 |
| cko-signature | bf213e71463459a4d3dff58374e58e5f33ef15117f592873b96b3e67ea8b21e4 |
The value of authorization is the Private shared key shown in the Hub configuration.
cko-signature is the signature computed over the request body and can also be used for security verification.
Body:
{"id": "evt_vha2gih6tl5u5ebrpajhm727fe","type": "payment_approved","created_on": "2019-06-07T08:25:21Z","data": {"action_id": "act_waji5li3mqtetnaor77xmow4bq","payment_type": "REGULAR","auth_code": "007895","response_code": "10000","response_summary": "Approved","scheme_id": "638284745624527","source": {"id": "src_isu5yyegxg4e5l5yadnpu6y744","type": "card","billing_address": {},"expiry_month": 12,"expiry_year": 2025,"scheme": "VISA","last_4": "4242","fingerprint": "71580b426f1d190d29087ff265d8f48df1ad34ede41c27cbff9d23c1a14d1776","bin": "424242","card_type": "Credit","card_category": "Consumer","issuer": "JPMORGAN CHASE BANK NA","issuer_country": "US","product_id": "A","product_type": "Visa Traditional","avs_check": "S","cvv_check": ""},"customer": {"id": "cus_gs47qn23bqmefhkmlpokm7vzxm"},"processing": {"acquirer_transaction_id": "8137549556","retrieval_reference_number": "000007895269"},"amount": 10000,"metadata": {},"risk": {"flagged": false},"id": "pay_waji5li3mqtetnaor77xmow4bq","currency": "EUR","processed_on": "2019-06-07T08:25:21Z","reference": "ORD-5023-4E89"},"_links": {"self": {"href": "https://api.sandbox.checkout.com/events/evt_vha2gih6tl5u5ebrpajhm727fe"},"payment": {"href": "https://api.sandbox.checkout.com/payments/pay_waji5li3mqtetnaor77xmow4bq"}}}
{"id": "evt_h3wfa5symn3ehof6fbgilpu5fm","type": "payment_declined","created_on": "2019-06-07T08:27:26Z","data": {"action_id": "act_pfyq4sdkrvoexn737g2e26c3xm","payment_type": "REGULAR","auth_code": "000000","response_code": "20005","response_summary": "Declined - Do Not Honour","scheme_id": "638284745624527","amount": 5,"source": {"id": "src_isu5yyegxg4e5l5yadnpu6y744","type": "card","expiry_month": 12,"expiry_year": 2025,"scheme": "VISA","last_4": "4242","fingerprint": "71580b426f1d190d29087ff265d8f48df1ad34ede41c27cbff9d23c1a14d1776","bin": "424242","card_type": "Credit","card_category": "Consumer","issuer": "JPMORGAN CHASE BANK NA","issuer_country": "US","product_id": "A","product_type": "Visa Traditional","avs_check": "S","cvv_check": ""},"customer": {"id": "cus_gs47qn23bqmefhkmlpokm7vzxm"},"processing": {"acquirer_transaction_id": "8137549596","retrieval_reference_number": "000896481776"},"id": "pay_pfyq4sdkrvoexn737g2e26c3xm","currency": "EUR","processed_on": "2019-06-07T08:27:26Z","reference": "ORD-5023-4E89"},"_links": {"self": {"href": "https://api.sandbox.checkout.com/events/evt_h3wfa5symn3ehof6fbgilpu5fm"},"payment": {"href": "https://api.sandbox.checkout.com/payments/pay_pfyq4sdkrvoexn737g2e26c3xm"}}}
{"id": "evt_6aznipgxbuaure3qen5qbzyswy","type": "payment_captured","created_on": "2019-06-07T08:25:22Z","data": {"action_id": "act_gse7gcrhleuedmzhq25n3mhweq","response_code": "10000","response_summary": "Approved","amount": 10000,"processing": {"acquirer_transaction_id": "8137549557","acquirer_reference_number": "000220552364"},"id": "pay_waji5li3mqtetnaor77xmow4bq","currency": "EUR","processed_on": "2019-06-07T08:25:22Z","reference": "ORD-5023-4E89"},"_links": {"self": {"href": "https://api.sandbox.checkout.com/events/evt_6aznipgxbuaure3qen5qbzyswy"},"payment": {"href": "https://api.sandbox.checkout.com/payments/pay_waji5li3mqtetnaor77xmow4bq"}}}
{"id": "evt_rmbwhvwacc7u5iczmz2tdcogum","type": "payment_refunded","created_on": "2020-02-03T11:35:03Z","data": {"action_id": "act_7fmebms4rtmuja2poigylogjk4","response_code": "10000","response_summary": "Approved","reference": "ORD-5023-4E89","amount": 200,"processing": {"acquirer_transaction_id": "7026208384","acquirer_reference_number": "773993129364"},"id": "pay_pswr5qaqzzferh2puzfyrefzuy","currency": "GBP","processed_on": "2020-02-03T11:35:03Z","metadata": {"coupon_code": "NY2018","partner_id": 123989}},"_links": {"self": {"href": "https://api.checkout.com/events/evt_rmbwhvwacc7u5iczmz2tdcogum"},"payment": {"href": "https://api.checkout.com/payments/pay_pswr5qaqzzferh2puzfyrefzuy"}}}
{"id": "evt_z5w4pkadoi3u5hu5lmlklwrxla","type": "payment_refund_declined","created_on": "2018-04-10T08:12:14Z","data": {"id": "pay_y3oqhf46pyzuxjbcn2giaqnb44","action_id": "act_y3oqhf46pyzuxjbcn2giaqnb44","amount": 6540,"currency": "USD","response_code": "20120","response_summary": "Invalid Customer/User","reference": "ORD-5023-4E89","metadata": {"coupon_code": "NY2018","partner_id": 123989},"processed_on": "2018-04-19T15:56:59Z"},"_links": {"self": {"href": "https://api.checkout.com/events/evt_z5w4pkadoi3u5hu5lmlklwrxla"},"payment": {"href": "https://api.checkout.com/payments/pay_y3oqhf46pyzuxjbcn2giaqnb44"}}}
{"id": "evt_hiefbhf5x2ye3f2qcyxfvye2ja","type": "payment_chargeback","created_on": "2018-05-10T10:41:35Z","data": {"id": "pay_zlrug3xvfbsulovtpu2hhi33tq","action_id": "act_7B15779D173D0W45700D","processed_on": "2018-05-10T10:40:35Z","scheme": "Visa","currency": "GBP","amount": 500,"payment_date": "2018-05-10T10:40:31Z","indicator": "ADJM","chargeback_code": "10.4","reference": "TRK12345","acquirer_reference_number": "3435301780034812032057","customer_id": "cus_5au3sqiyr2yuvoa3g2gv2h7aku"},"_links": {"self": {"href": "https://api.checkout.com/events/evt_hiefbhf5x2ye3f2qcyxfvye2ja"},"payment": {"href": "https://api.checkout.com/payments/pay_zlrug3xvfbsulovtpu2hhi33tq"}}}
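For other webhooks, see the official Checkout.com documentation: https://www.checkout.com/docs/reporting-and-insights/webhooks/webhook-examples
Security mechanisms
1. Private shared key
This is the fixed value of the Authorization HTTP header. When a webhook notification arrives, compare it with the Private shared key generated by the Hub. If the two match, verification succeeds; if they differ, the webhook may be forged.
2. Signature
The signature mechanism prevents the message content from being tampered with. Checkout.com currently generates the signature with HMAC-SHA256, computed over the entire request body with the merchant's secret key as the hash key. If the signature the merchant computes equals the value of the cko-signature HTTP header, signature verification succeeds.
A simple code example follows: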
```javascript
// Name of the file: sha256-hmac.js
// Load the crypto module in Node.js
const crypto = require('crypto');

// Create the HMAC object; enter the merchant's secret key here
const hmac = crypto.createHmac('sha256', '{{sk_XXXXX}}');

// Pass in the data to be hashed: the entire body of the received webhook request
const data = hmac.update('{{webhook body}}');

// Create the HMAC in the required format
const gen_hmac = data.digest('hex');

// Print the output to the console
console.log("hmac : " + gen_hmac);
```
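3. IP allowlist
Merchants can also allowlist the public IP addresses that Checkout.com's servers send from:
| IP address | Environment |
|---|---|
| 52.31.105.56 | Production |
| 52.210.98.185 | Production |
| 52.210.86.142 | Production |
| 52.56.73.133 | Test environment |
| 52.56.70.215 | Test environment |
| 3.9.108.151 | Test environment |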
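The three checks above combined into one verification function, as an added example that is not part of the original page or Checkout.com's own code. The function name, the keys and the sample body are constructed for illustration; comparisons use crypto.timingSafeEqual rather than a plain string comparison.

```javascript
const crypto = require('crypto');

// Production source addresses from the IP table above.
const ALLOWED_IPS = new Set(['52.31.105.56', '52.210.98.185', '52.210.86.142']);

// Constant-time comparison; hashing both sides first equalises their lengths.
function safeEqual(a, b) {
  const digest = (v) => crypto.createHash('sha256').update(String(v)).digest();
  return crypto.timingSafeEqual(digest(a), digest(b));
}

// remoteIp: peer address of the connection (behind a reverse proxy, use the
//           address your proxy vouches for instead).
// headers:  header names lower-cased, as Node's http module provides them.
// rawBody:  the body exactly as received, before any JSON parsing.
function verifyWebhook({ remoteIp, headers, rawBody }, { sharedKey, secretKey }) {
  const ip = String(remoteIp).replace(/^::ffff:/, ''); // IPv4-mapped IPv6 form
  if (!ALLOWED_IPS.has(ip)) return { ok: false, reason: 'ip' };
  const auth = headers['authorization'];
  if (!auth || !safeEqual(auth, sharedKey)) return { ok: false, reason: 'authorization' };
  const sig = headers['cko-signature'];
  const expected = crypto.createHmac('sha256', secretKey).update(rawBody).digest('hex');
  if (!sig || !safeEqual(sig, expected)) return { ok: false, reason: 'signature' };
  return { ok: true, reason: null };
}

// Constructed sample values, not real credentials or a real event.
const KEYS = { sharedKey: 'constructed-shared-key', secretKey: 'sk_constructed_example' };
const BODY = '{"id":"evt_constructed","type":"payment_approved","data":{"amount":10000}}';
const SIG = crypto.createHmac('sha256', KEYS.secretKey).update(BODY).digest('hex');
const GOOD = {
  remoteIp: '::ffff:52.31.105.56',
  headers: { authorization: KEYS.sharedKey, 'cko-signature': SIG },
  rawBody: BODY,
};

function demo() {
  return {
    genuine: verifyWebhook(GOOD, KEYS),
    tampered: verifyWebhook({ ...GOOD, rawBody: BODY.replace('10000', '1') }, KEYS),
    // Parsing and re-serialising changes the bytes, so the signature no longer matches.
    reserialised: verifyWebhook(
      { ...GOOD, rawBody: JSON.stringify(JSON.parse(BODY), null, 1) }, KEYS),
    unknownSource: verifyWebhook({ ...GOOD, remoteIp: '203.0.113.7' }, KEYS),
  };
}
console.log(demo());
```

The reserialised case is why the HMAC has to be computed over the stored raw body rather than over an object that a JSON body parser has already decoded.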
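How to handle webhooks
When a merchant receives an asynchronous webhook notification from Checkout.com and processes it successfully, it must return an HTTP 2XX status within 10 seconds to indicate successful receipt. If Checkout.com does not receive this response, its system retries automatically.
The interval between each retry and the previous attempt is as follows:
| Retry | Production | Test environment |
|---|---|---|
| 1st retry | 5 minutes | 5 minutes |
| 2nd retry | 10 minutes | 10 minutes |
| 3rd retry | 15 minutes | 15 minutes |
| 4th retry | 30 minutes | 30 minutes |
| 5th retry | 60 minutes | 60 minutes |
| 6th retry | 240 minutes | N/A |
| 7th retry | 720 minutes | N/A |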
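One way to meet the 10-second acknowledgement while staying safe under retries, as an added example that is not part of the original page or Checkout.com's own code. The WebhookInbox class and the sample body are constructed; it assumes a retried delivery carries the same event id as the first attempt, and it is meant to run after the security checks have passed.

```javascript
// Retry intervals in minutes after the previous attempt (production column above).
const RETRY_MINUTES = [5, 10, 15, 30, 60, 240, 720];
// The last retry can arrive this long after the first delivery (1080 min = 18 h).
const RETRY_WINDOW_MS = RETRY_MINUTES.reduce((a, b) => a + b, 0) * 60 * 1000;
const MARGIN_MS = 60 * 60 * 1000; // extra hour of safety (assumption)

class WebhookInbox {
  constructor(now = Date.now) {
    this.now = now;          // injectable clock, for testing
    this.seen = new Map();   // event id -> time first accepted
    this.queue = [];         // events waiting for the slow business logic
  }

  // Returns the HTTP status to send. Only cheap work happens here, so the
  // 2XX goes out well inside the 10-second limit; fulfilment runs from the queue.
  accept(rawBody) {
    let event;
    try { event = JSON.parse(rawBody); } catch { return 400; }
    if (!event || typeof event.id !== 'string' || typeof event.type !== 'string') return 400;
    this.prune();
    if (this.seen.has(event.id)) return 200; // retry of an event already accepted
    this.seen.set(event.id, this.now());
    this.queue.push(event);
    return 200;
  }

  // Forget ids that are older than the whole retry schedule plus the margin.
  prune() {
    const cutoff = this.now() - RETRY_WINDOW_MS - MARGIN_MS;
    for (const [id, t] of this.seen) if (t < cutoff) this.seen.delete(id);
  }
}

// Constructed sample: the same event delivered twice is queued only once.
const sampleInbox = new WebhookInbox();
const sampleBody = '{"id":"evt_constructed","type":"payment_captured"}';
console.log(sampleInbox.accept(sampleBody), sampleInbox.accept(sampleBody),
            sampleInbox.queue.length);
```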
