We have an accept hosted solution implemented in a partner environment. We use access tokens to generate requests. Sometimes our website does not get the transaction response from the Javascript listener, so we're in the process of implementing webhooks as a secondary to capture those events when we do not receive the response.
My question is regarding the signature key to authenticate the request. It's difficult to test since there's not a sandbox for partners. If the webhook creation is occurring via API using the access tokens, will the signature key be our partner signature key instead of the merchant's signature key?
If not (the signature key is the merchant's signature key), is there any signature key sharing mechanism for our clients (the merchant) to share the key with us? I'm not sure it's going to go over too well to ask for them to email us their key, and I don't believe that to be a great way to share it. I know there are programs for such; however, the technical compentency of the merchant account adminstrator varies greatly. I'm just hoping someone might be able to give me insight on a frictionless process.
Thank you.
โ04-01-2021 09:22 AM