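- New platform
This article gives a brief introduction to configuring Webhook asynchronous notifications. It covers how to configure a Webhook, common Webhook types with examples, and the security mechanisms: IP allowlist, Auth verification in the header, and signature verification with a code example.
Official documentation: https://www.checkout.com/docs/reporting-and-insights/webhooks
How to configure a Webhook
Merchants can configure Webhooks directly in the Hub. The procedure is as follows:
Step 1: Log in to the Hub.
Step 2: Open Settings->Channels.
Click "New Webhook" in the lower-right corner to add one.
Step 3: Enter the gateway address at which your company receives Webhook asynchronous notifications, select API version v2.0, and tick the Webhook types your business needs.
Step 4: Finish the configuration. Click to view the configuration and the Private shared key. This key appears in the HTTP header of every Webhook request and can be used for security verification.
Common Webhook types
We recommend adding the following Webhook types, especially those marked in green: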
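Webhook type | Description |
---|---|
Payment approved | Authorization succeeded, awaiting capture |
Payment captured | Capture succeeded (funds debited) |
Payment declined | Payment failed |
Payment refunded | Refund succeeded |
Payment refund declined | Refund failed |
Payment chargeback | A chargeback occurred |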
Examples:
HTTP Header:
Header | Value |
---|---|
authorization | 9b715918-466e-421f-b9f0-b03a6fbe4d60 |
cko-signature | bf213e71463459a4d3dff58374e58e5f33ef15117f592873b96b3e67ea8b21e4 |
The value of authorization is the Private shared key shown in the Hub configuration.
cko-signature is the signature computed over the message body and can also be used for security verification.
Body:
```json
{
  "id": "evt_vha2gih6tl5u5ebrpajhm727fe",
  "type": "payment_approved",
  "created_on": "2019-06-07T08:25:21Z",
  "data": {
    "action_id": "act_waji5li3mqtetnaor77xmow4bq",
    "payment_type": "REGULAR",
    "auth_code": "007895",
    "response_code": "10000",
    "response_summary": "Approved",
    "scheme_id": "638284745624527",
    "source": {
      "id": "src_isu5yyegxg4e5l5yadnpu6y744",
      "type": "card",
      "billing_address": {},
      "expiry_month": 12,
      "expiry_year": 2025,
      "scheme": "VISA",
      "last_4": "4242",
      "fingerprint": "71580b426f1d190d29087ff265d8f48df1ad34ede41c27cbff9d23c1a14d1776",
      "bin": "424242",
      "card_type": "Credit",
      "card_category": "Consumer",
      "issuer": "JPMORGAN CHASE BANK NA",
      "issuer_country": "US",
      "product_id": "A",
      "product_type": "Visa Traditional",
      "avs_check": "S",
      "cvv_check": ""
    },
    "customer": {
      "id": "cus_gs47qn23bqmefhkmlpokm7vzxm"
    },
    "processing": {
      "acquirer_transaction_id": "8137549556",
      "retrieval_reference_number": "000007895269"
    },
    "amount": 10000,
    "metadata": {},
    "risk": {
      "flagged": false
    },
    "id": "pay_waji5li3mqtetnaor77xmow4bq",
    "currency": "EUR",
    "processed_on": "2019-06-07T08:25:21Z",
    "reference": "ORD-5023-4E89"
  },
  "_links": {
    "self": {
      "href": "https://api.sandbox.checkout.com/events/evt_vha2gih6tl5u5ebrpajhm727fe"
    },
    "payment": {
      "href": "https://api.sandbox.checkout.com/payments/pay_waji5li3mqtetnaor77xmow4bq"
    }
  }
}
```
```json
{
  "id": "evt_h3wfa5symn3ehof6fbgilpu5fm",
  "type": "payment_declined",
  "created_on": "2019-06-07T08:27:26Z",
  "data": {
    "action_id": "act_pfyq4sdkrvoexn737g2e26c3xm",
    "payment_type": "REGULAR",
    "auth_code": "000000",
    "response_code": "20005",
    "response_summary": "Declined - Do Not Honour",
    "scheme_id": "638284745624527",
    "amount": 5,
    "source": {
      "id": "src_isu5yyegxg4e5l5yadnpu6y744",
      "type": "card",
      "expiry_month": 12,
      "expiry_year": 2025,
      "scheme": "VISA",
      "last_4": "4242",
      "fingerprint": "71580b426f1d190d29087ff265d8f48df1ad34ede41c27cbff9d23c1a14d1776",
      "bin": "424242",
      "card_type": "Credit",
      "card_category": "Consumer",
      "issuer": "JPMORGAN CHASE BANK NA",
      "issuer_country": "US",
      "product_id": "A",
      "product_type": "Visa Traditional",
      "avs_check": "S",
      "cvv_check": ""
    },
    "customer": {
      "id": "cus_gs47qn23bqmefhkmlpokm7vzxm"
    },
    "processing": {
      "acquirer_transaction_id": "8137549596",
      "retrieval_reference_number": "000896481776"
    },
    "id": "pay_pfyq4sdkrvoexn737g2e26c3xm",
    "currency": "EUR",
    "processed_on": "2019-06-07T08:27:26Z",
    "reference": "ORD-5023-4E89"
  },
  "_links": {
    "self": {
      "href": "https://api.sandbox.checkout.com/events/evt_h3wfa5symn3ehof6fbgilpu5fm"
    },
    "payment": {
      "href": "https://api.sandbox.checkout.com/payments/pay_pfyq4sdkrvoexn737g2e26c3xm"
    }
  }
}
```
```json
{
  "id": "evt_6aznipgxbuaure3qen5qbzyswy",
  "type": "payment_captured",
  "created_on": "2019-06-07T08:25:22Z",
  "data": {
    "action_id": "act_gse7gcrhleuedmzhq25n3mhweq",
    "response_code": "10000",
    "response_summary": "Approved",
    "amount": 10000,
    "processing": {
      "acquirer_transaction_id": "8137549557",
      "acquirer_reference_number": "000220552364"
    },
    "id": "pay_waji5li3mqtetnaor77xmow4bq",
    "currency": "EUR",
    "processed_on": "2019-06-07T08:25:22Z",
    "reference": "ORD-5023-4E89"
  },
  "_links": {
    "self": {
      "href": "https://api.sandbox.checkout.com/events/evt_6aznipgxbuaure3qen5qbzyswy"
    },
    "payment": {
      "href": "https://api.sandbox.checkout.com/payments/pay_waji5li3mqtetnaor77xmow4bq"
    }
  }
}
```
```json
{
  "id": "evt_rmbwhvwacc7u5iczmz2tdcogum",
  "type": "payment_refunded",
  "created_on": "2020-02-03T11:35:03Z",
  "data": {
    "action_id": "act_7fmebms4rtmuja2poigylogjk4",
    "response_code": "10000",
    "response_summary": "Approved",
    "reference": "ORD-5023-4E89",
    "amount": 200,
    "processing": {
      "acquirer_transaction_id": "7026208384",
      "acquirer_reference_number": "773993129364"
    },
    "id": "pay_pswr5qaqzzferh2puzfyrefzuy",
    "currency": "GBP",
    "processed_on": "2020-02-03T11:35:03Z",
    "metadata": {
      "coupon_code": "NY2018",
      "partner_id": 123989
    }
  },
  "_links": {
    "self": {
      "href": "https://api.checkout.com/events/evt_rmbwhvwacc7u5iczmz2tdcogum"
    },
    "payment": {
      "href": "https://api.checkout.com/payments/pay_pswr5qaqzzferh2puzfyrefzuy"
    }
  }
}
```
```json
{
  "id": "evt_z5w4pkadoi3u5hu5lmlklwrxla",
  "type": "payment_refund_declined",
  "created_on": "2018-04-10T08:12:14Z",
  "data": {
    "id": "pay_y3oqhf46pyzuxjbcn2giaqnb44",
    "action_id": "act_y3oqhf46pyzuxjbcn2giaqnb44",
    "amount": 6540,
    "currency": "USD",
    "response_code": "20120",
    "response_summary": "Invalid Customer/User",
    "reference": "ORD-5023-4E89",
    "metadata": {
      "coupon_code": "NY2018",
      "partner_id": 123989
    },
    "processed_on": "2018-04-19T15:56:59Z"
  },
  "_links": {
    "self": {
      "href": "https://api.checkout.com/events/evt_z5w4pkadoi3u5hu5lmlklwrxla"
    },
    "payment": {
      "href": "https://api.checkout.com/payments/pay_y3oqhf46pyzuxjbcn2giaqnb44"
    }
  }
}
```
```json
{
  "id": "evt_hiefbhf5x2ye3f2qcyxfvye2ja",
  "type": "payment_chargeback",
  "created_on": "2018-05-10T10:41:35Z",
  "data": {
    "id": "pay_zlrug3xvfbsulovtpu2hhi33tq",
    "action_id": "act_7B15779D173D0W45700D",
    "processed_on": "2018-05-10T10:40:35Z",
    "scheme": "Visa",
    "currency": "GBP",
    "amount": 500,
    "payment_date": "2018-05-10T10:40:31Z",
    "indicator": "ADJM",
    "chargeback_code": "10.4",
    "reference": "TRK12345",
    "acquirer_reference_number": "3435301780034812032057",
    "customer_id": "cus_5au3sqiyr2yuvoa3g2gv2h7aku"
  },
  "_links": {
    "self": {
      "href": "https://api.checkout.com/events/evt_hiefbhf5x2ye3f2qcyxfvye2ja"
    },
    "payment": {
      "href": "https://api.checkout.com/payments/pay_zlrug3xvfbsulovtpu2hhi33tq"
    }
  }
}
```
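For other Webhooks, see the official Checkout.com documentation: https://www.checkout.com/docs/reporting-and-insights/webhooks/webhook-examples
Security mechanisms
1. Private shared key
This is the fixed value of the Authorization HTTP header. When a Webhook notification arrives, compare it with the Private shared key generated by the Hub. If the two match, verification succeeds; if they differ, the Webhook may have been forged.
2. Signature
The signature mechanism protects the message content against tampering. Checkout.com currently generates the signature with HMAC-SHA256, computed over the entire message body with the merchant's secret key as the hash key. If the signature value the merchant computes equals the value of the cko-signature HTTP header, signature verification succeeds.
A simple code example follows: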
```javascript
// Name of the file: sha256-hmac.js
// Load the crypto module in Node.js
var crypto = require('crypto');
// Create the HMAC object; enter the merchant's secret key
var hmac = crypto.createHmac('sha256', '{{sk_XXXXX}}');
// Pass the data to be hashed; enter the body of the received Webhook request
var data = hmac.update('{{webhook body}}');
// Produce the HMAC as a hex string
var gen_hmac = data.digest('hex');
// Print the output on the console
console.log("hmac : " + gen_hmac);
```
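3. IP allowlist
Merchants can also allowlist the public IP addresses from which Checkout.com's servers send requests:
IP address | Environment |
---|---|
52.31.105.56 | Production |
52.210.98.185 | Production |
52.210.86.142 | Production |
52.56.73.133 | Test environment |
52.56.70.215 | Test environment |
3.9.108.151 | Test environment |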
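The three checks from this section combined into one verifier, as an added example (not code from Checkout.com or from the original article). The function name `verifyWebhook`, the `req`/`cfg` object shapes and the sample keys are assumptions made for illustration.

```javascript
const crypto = require('crypto');

// Source IPs from the table above, keyed by environment.
const ALLOWED_IPS = {
  production: ['52.31.105.56', '52.210.98.185', '52.210.86.142'],
  test: ['52.56.73.133', '52.56.70.215', '3.9.108.151'],
};

// Constant-time string comparison. Both sides are hashed first so the buffers
// have equal length, which crypto.timingSafeEqual requires.
function safeEqual(a, b) {
  const h = (s) => crypto.createHash('sha256').update(String(s)).digest();
  return crypto.timingSafeEqual(h(a), h(b));
}

// req = { remoteIp, headers, rawBody }; rawBody is the Buffer exactly as received.
// cfg = { environment, privateSharedKey, secretKey } (hypothetical shape).
function verifyWebhook(req, cfg) {
  const allowed = ALLOWED_IPS[cfg.environment] || [];
  if (!allowed.includes(req.remoteIp)) return { ok: false, reason: 'ip_not_allowed' };

  const auth = req.headers['authorization'];
  if (typeof auth !== 'string' || !safeEqual(auth, cfg.privateSharedKey)) {
    return { ok: false, reason: 'bad_authorization' };
  }

  // HMAC-SHA256 over the raw bytes; a re-serialized JSON object would differ.
  const expected = crypto.createHmac('sha256', cfg.secretKey).update(req.rawBody).digest('hex');
  const sig = req.headers['cko-signature'];
  if (typeof sig !== 'string' || !safeEqual(sig.toLowerCase(), expected)) {
    return { ok: false, reason: 'bad_signature' };
  }
  return { ok: true, event: JSON.parse(req.rawBody.toString('utf8')) };
}

// Constructed sample: placeholder keys and a shortened body, not real credentials.
const cfg = { environment: 'test', privateSharedKey: 'psk-constructed', secretKey: 'sk_constructed' };
const rawBody = Buffer.from('{"id":"evt_constructed","type":"payment_approved"}');
const sampleReq = {
  remoteIp: '52.56.73.133',
  headers: {
    authorization: 'psk-constructed',
    'cko-signature': crypto.createHmac('sha256', cfg.secretKey).update(rawBody).digest('hex'),
  },
  rawBody,
};
console.log(verifyWebhook(sampleReq, cfg).ok); // true
const reserialized = Buffer.from(JSON.stringify(JSON.parse(rawBody.toString()), null, 2));
console.log(verifyWebhook({ ...sampleReq, rawBody: reserialized }, cfg).reason); // bad_signature
```

`remoteIp` must be the peer address seen by your own edge or a trusted proxy, not a client-supplied forwarding header, and the web framework must hand over the body bytes before any JSON parsing.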
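How to handle Webhooks
When a merchant receives a Webhook asynchronous notification from Checkout.com and processes it normally, it must return an HTTP 2XX status within 10 seconds to indicate successful receipt. If this response is not received, Checkout.com's system retries automatically:
The interval between each retry and the previous attempt is as follows:
Retry | Production | Test environment |
---|---|---|
First retry | 5 minutes | 5 minutes |
Second retry | 10 minutes | 10 minutes |
Third retry | 15 minutes | 15 minutes |
Fourth retry | 30 minutes | 30 minutes |
Fifth retry | 60 minutes | 60 minutes |
Sixth retry | 240 minutes | N/A |
Seventh retry | 720 minutes | N/A |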
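Because a late or missing 2XX triggers a retry, the same event can arrive more than once. The sketch below is an added example, not code from Checkout.com or the original article: it acknowledges immediately, defers the work, and deduplicates on the event `id`. The names `receiveEvent`, `drainQueue` and `applyToLedger` and the sample event are assumptions.

```javascript
// In-memory stand-ins; production code needs a durable store with a unique
// constraint on the event id so the check survives restarts.
const seenEventIds = new Set();
const workQueue = [];

// Called after the request has passed verification. Returns the HTTP status
// to send and does no slow work, so the reply goes out well inside 10 seconds.
function receiveEvent(event) {
  if (!event || typeof event.id !== 'string') return 400;
  if (seenEventIds.has(event.id)) return 200; // redelivery: acknowledge, do not re-queue
  seenEventIds.add(event.id);
  workQueue.push(event);
  return 200;
}

// Worker side: applies queued events after the response was sent.
function drainQueue(apply) {
  let applied = 0;
  while (workQueue.length > 0) {
    apply(workQueue.shift());
    applied += 1;
  }
  return applied;
}

// Constructed sample: the same capture event delivered twice (original + retry).
const captured = {
  id: 'evt_constructed_1',
  type: 'payment_captured',
  data: { id: 'pay_constructed', amount: 10000 },
};
const ledger = {};
function applyToLedger(e) {
  ledger[e.data.id] = (ledger[e.data.id] || 0) + e.data.amount;
}
console.log(receiveEvent(captured), receiveEvent(captured)); // 200 200
console.log(drainQueue(applyToLedger), ledger); // 1 { pay_constructed: 10000 }
```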