Verify webhook signature

POST 
/verify-webhook-signature

Verifies a webhook signature.

Request

application/json

Body

auth_algo stringrequired

The algorithm that PayPal uses to generate the signature and that you can use to verify the signature. Extract this value from the PAYPAL-AUTH-ALGO response header, which is received with the webhook notification.

Possible values: <= 100 characters, Value must match regular expression ^[a-zA-Z0-9]+$

cert_url urirequired

The X.509 public key certificate. Download the certificate from this URL and use it to verify the signature. Extract this value from the PAYPAL-CERT-URL response header, which is received with the webhook notification.

Possible values: <= 500 characters

transmission_id stringrequired

The ID of the HTTP transmission. Contained in the PAYPAL-TRANSMISSION-ID header of the notification message.

Possible values: <= 50 characters, Value must match regular expression ^(?!\d+$)\w+\S+

transmission_sig stringrequired

The PayPal-generated asymmetric signature. Appears in the PAYPAL-TRANSMISSION-SIG header of the notification message.

Possible values: <= 500 characters, Value must match regular expression ^(?!\d+$)\w+\S+

transmission_time date-timerequired

The date and time of the HTTP transmission, in Internet date and time format. Appears in the PAYPAL-TRANSMISSION-TIME header of the notification message.

Possible values: <= 100 characters

webhook_id stringrequired

The ID of the webhook as configured in your Developer Portal account.

Possible values: <= 50 characters, Value must match regular expression ^[a-zA-Z0-9]+$

webhook_event

object

required

A webhook event notification.

event_version Event Version (string)

The event version in the webhook notification.

Possible values: Value must match regular expression ^([0-9]+.[0-9]+)$

resource_version Resource Version (string)

The resource version in the webhook notification.

Possible values: Value must match regular expression ^([0-9]+.[0-9]+)$

Responses

200

A successful request returns the HTTP 200 OK status code and a JSON response body that shows the verification status.

application/json

Schema

Schema

verification_status stringrequired

The status of the signature verification.

Possible values: [SUCCESS, FAILURE]

Example (from schema)

{
  "verification_status": "SUCCESS"
}

default

The error response.

application/json

Schema

Schema

name stringrequired

The human-readable, unique name of the error.

message stringrequired

The message that describes the error.

debug_id stringrequired

The PayPal internal ID. Used for correlation purposes.

information_link string

The information link, or URI, that shows detailed information about this error for the developer.

details object[]

An array of additional details about the error.

links object[]

An array of request-related HATEOAS links.

Example (from schema)

{
  "name": "string",
  "message": "string",
  "debug_id": "string",
  "information_link": "string",
  "details": [
    {
      "field": "string",
      "value": "string",
      "location": "body",
      "issue": "string",
      "description": "string"
    }
  ],
  "links": [
    {
      "href": "string",
      "rel": "string",
      "method": "GET"
    }
  ]
}

Loading...