Verifi RDR Webhook Event

6 min

webhook headers x butter webhook type value verifi rdr description the type of webhook event x butter webhook signature description a signed hash of the webhook body used to validate the authenticity examples of calculating signature hashes can be found below in the webhook signature code snippets section x butter webhook deduplication id description an idempotent id to verify if you have received the same webhook before x butter webhook created description time webhook was created, additionally used for calculating the signature hash webhook body { "id" "event ac7d19a7863bec06d7b1ae56", "object" "verifi rdr", "data" { "case" { "date" "2024 01 01", "amount" 19 99, "currency" "usd", }, "authorization code" "12345d", "acquirer reference number" "78709066262500100248962", "refunded" true, "original transaction" { "date" "2023 11 01", "amount" 19 99, "currency" "usd" }, "card" { "bin" 424242, "last4" 4242 }, "network" { "merchant id" 123456789, "scheme" "visa", "transaction id" "103431687468834", "reason code" "13 2", "merchant order id" "string", "merchant category code" 5411 }, "psp transaction" { "type" "charge", "id" "ch 3mmllrlkdiwhu7ix0snn0b15" } }, "created at" 1735689600 } field descriptors case date type string format yyyy mm dd description the date when the verifi case was opened nullable false case amount type float description the disputed amount as reported by the card network nullable false case currency type string format iso 4217 description the currency of the original transaction as reported by the card network nullable false authorization code type string description the authorization code of the original transaction as reported by the card network nullable false acquirer reference number type string description the acquirer reference number (arn) of the original transaction as reported by the card network nullable false refunded type boolean description indicates whether the transaction was refunded by an applied rdr rule nullable false original transaction date type string format yyyy mm dd description the date of the original transaction as reported by the card network nullable false original transaction amount type float description the amount of the original transaction as reported by the card network nullable false original transaction currency type string format iso 4217 description the currency of the original transaction as reported by the card network nullable false card bin type integer description the first six to eight digits of the card used to make the transaction as reported by the card network nullable false card last4 type integer description the last four digits of the card used to make the transaction as reported by the card network nullable false network merchant id type integer description the merchant id (mid) used during processing of the transaction as reported by the card network nullable false network scheme type string description the card network where the transaction was made nullable false enums visa network reason code type string description the reason the transaction was disputed as reported by the card network enums 10 4 (other fraud card absent environment) 10 5 (visa fraud monitoring program) 11 1 (card recovery bulletin) 11 2 (declined authorization) 11 3 (no authorization) 12 1 (late presentment) 12 2 (incorrect transaction code) 12 3 (incorrect currency) 12 4 (incorrect account number) 12 5 (incorrect amount) 12 6 1 (duplicate processing) 12 6 2 (paid by other means) 13 1 (merchandise/services not received) 13 8 (original credit transaction not accepted) 13 9 (non receipt of cash or load transaction value) 13 2 (cancelled recurring) 13 3 (not as described or defective merchandise/services) 13 4 (counterfeit merchandise) 13 5 (misrepresentation) 13 6 (credit not processed) 13 7 (cancelled merchandise/services) nullable false network merchant order id type string description the order id reported to the card network by the processor nullable true network merchant category code type integer description the merchant category code (mcc) as reported by the card network nullable false psp transaction type object description contains information about the linked transaction in the respective psp nullable true psp transaction type type string description type of id used for linking the disputed transaction to the transaction in the respective psp enums charge nullable false psp transaction id type string description the id linking the disputed transaction to the transaction in the respective psp created at type integer description a unix timestamp of when the webhook was created webhook signature code snippets import json import hashlib import hmac from time import time def verify webhook signature(body dict, headers dict, signing key str) > bool 	payload = json dumps(body, separators=(",", " ")) 	provided signature = headers get("x butter webhook signature") 	created at = headers get("x butter webhook created") 	message = f"{payload}+{created at}" encode("utf 8") 	cacluated signature = hmac new(signing key encode("utf 8"), message, hashlib sha256) hexdigest() 	return provided signature == cacluated signature const crypto = require('crypto'); function verifywebhooksignature(body, headers, signingkey) { 	const payload = json stringify(body); 	const createdat = headers\["x butter webhook created"]; 	const providedsignature = headers\["x butter webhook signature"]; 	const hmac = crypto createhmac('sha256', signingkey); 	const data = hmac update(buffer from(`${json stringify(body)}+${createdat}`)); 	const calculatedsignature = data digest('hex'); 	return (calculatedsignature == providedsignature) ? true false; } package main import ( "crypto/hmac" "crypto/sha256" "encoding/hex" "fmt" "strconv" "time" ) func verifywebhooksignature(headers map\[string]string, body string, signingkey string) bool { createdatstr = headers\["x butter webhook expires"] createdat, err = strconv parseint(createdatstr, 10, 64) if err != nil { fmt println("error parsing createdat timestamp ", err) return false } providedsignature = headers\["x butter webhook signature"] hmacsha256 = hmac new(sha256 new, \[]byte(signingkey)) , err = hmacsha256 write(\[]byte(body + "+" + createdatstr)) if err != nil { fmt println("error computing hmac ", err) return false } calculatedsignature = hex encodetostring(hmacsha256 sum(nil)) if calculatedsignature != providedsignature { return false } return true } import java nio charset standardcharsets; import java util map; import javax crypto mac; import javax crypto spec secretkeyspec; import com fasterxml jackson databind objectmapper; public class webhookverifier { public static boolean verifywebhooksignature(map\<string, string> headers, object body, string signingkey) { string createdatstr = headers get("x butter webhook created"); long createdat = long parselong(createdatstr); string providedsignature = headers get("x butter webhook signature"); try { objectmapper objectmapper = new objectmapper(); string payload = objectmapper writevalueasstring(body); mac hmac = mac getinstance("hmacsha256"); secretkeyspec secretkeyspec = new secretkeyspec(signingkey getbytes(standardcharsets utf 8), "hmacsha256"); hmac init(secretkeyspec); byte\[] payloadbytes = (payload + "+" + createdatstr) getbytes(standardcharsets utf 8); byte\[] signaturebytes = hmac dofinal(payloadbytes); string calculatedsignature = bytestohex(signaturebytes); if (!calculatedsignature equals(providedsignature)) { return false; } return true; } catch (exception e) { e printstacktrace(); return false; } } private static string bytestohex(byte\[] bytes) { stringbuilder hexstring = new stringbuilder(); for (byte b bytes) { string hex = integer tohexstring(0xff & b); if (hex length() == 1) { hexstring append('0'); } hexstring append(hex); } return hexstring tostring(); } }