Webhooks
Webhooks work in conjunction with Prepared Payments, Idempotency Tokens, and the Integrity Digest to provide a secure and predictable transaction flow for online payments.
When creating a payment request using Prepared Payments the merchant may include a WebhookUrl. When the transaction completes a response summary will be sent directly to the webhook URL provided. This summary can be used to reliably confirm the status of the transaction independent of any cardholder device.
WebhookUrl must only be sent over direct channels, Prepared Payments or Payments API. Don't include the WebhookUrl on public web pages as this will reveal details about your website.
For security Webhook URLs must always use a secure connection (https)
Request Fields
| Field Name | Description | Req'd | Size | Type |
|---|---|---|---|---|
| WebhookUrl | The secure URL (https) to send a transaction summary to on completion of the transaction. | O | 100 max. | A |
Response Fields
The Webhook response will always be send as a JSON POST request with a content type of application/json containing the following fields.
| Field Name | Description | Req'd | Size | Type |
|---|---|---|---|---|
| transactionDateTime | The exact transaction date and time. Primarily used when validating the Integrity Digest. | M | 25 max. | ISO 8601 |
| idempotencyToken | Confirms the idempotency token supplied for this transaction | O | 50 max. | A |
| paymentReference | Confirms merchant payment reference supplied for this transaction | O | 50 max. | A |
| crossReference | The Monek Cross Reference unique to this transaction | M | 50 max. | A |
| responseCode | The 2 digit transaction response code | M | 1 | A |
| message | The response message text | M | 80 max. | A |
| amount | The transaction amount | M | 10 max. | A |
| currencyCode | The transaction currency code | M | 3 | A |
| integrityDigest | A cryptographic hash of key transaction fields. See Integrity Digest for more information. | O | 50 max. | A |
Alternatives
Transaction Response Echo
The new Webhook feature described above provides a clean and easy to integrate solution designed to replace the original TransactDirect Response Echo described below.
In addition to the standard transaction response method the TransactDirect platform supports an additional Transaction Response Echo.
The Response Echo provides the merchant with a direct confirmation for all transactions providing the ability to reconcile each transaction.
The merchant has visibility of all completed transactions even if the cardholder's browser or connectivity fails when delivering the result.
Transactions should always be routed securely via SSL secured websites however the Response Echo provides an additional layer of security by delivering transaction results directly to the merchant removing any interaction or reliance on the cardholder's device.
To enable this functionality please contact Monek Support with the following details:
| Detail | Description | Req'd |
|---|---|---|
| Monek Merchant ID(s) | The merchant or merchants to be enabled for transaction response echoes. | M |
| Echo Format | The preferred format for the response echo - HTTP POST - HTTP GET - XML (HTTP POST) Note: This is independent of the format used for the Transact process. | M |
| Echo URL | The URL the response echo will be sent to. | M |
| Echo URL Secret | A unique reference string that will be sent with every direct response echo to identify Monek as the source of the data. It is recommended that this is a long randomised alphanumeric string (e.g. a GUID). Note: If not supplied one will be allocated automatically | O |
| Echo URL Confirmation | A string value that the Echo URL will respond with on successful receipt of the echo data. | O |
| Fallback Email | An email address to forward the response to in the event of Echo URL failure. | O |
| Email Echo Secret | A unique reference string that will be sent with every email response echo to identify Monek as the source of the data. It is recommended that this is a long randomised alphanumeric string (e.g. a GUID). Note: If not supplied one will be allocated automatically Note: For security reasons this should be different to the URL Echo Secret | O |