Authentication
Authentication to the Recover Enterprise API is done using an API key. During the integration phase, Butter will provide you with the necessary API keys to authenticate with the endpoint.
Recover supports multiple authentication methods for merchant-provided endpoints, including Signing Secret (shared by Butter), API Keys and Basic Authentication. During integration, merchants must securely share the necessary authorization details with Butter.
If you need to Allowlist inbound traffic, Recover IPs can be provided on request.
Webhook Authentication
For implementation references, please review Webhook Signature Verification Examples.
- Compute an HMAC with the SHA256 hash function. Use the signing secret (provided by Butter) as the key and {json_payload}+{str(expiration)} as the message. The json_payload is the request body and expiration is the X-Butter-Webhook-Expiration header.
- Compare the signature you generate with X-Butter-Webhook-Signature from the headers. They should match exactly.
- Compare X-Butter-Webhook-Expiration to when the webhook was received to ensure it has not expired.
Interested in working with Butter to bring more revenue back to your business? Reach out to us here: [email protected].
