cancel
Showing results for 
Search instead for 
Did you mean: 

webhooks with multiple auth.net accounts-

 

I have a website that I need to send payments to 2 different merchant accounts, this is based on what account the current user belongs to, example user1 sales go to store #1 Auth.net account, and user 2 sales go to store#2 auth.net account.  The order is sent with getHostedPaymentPageRequest(); at this time I know what auth.net account I am sending the payment to.  The issues comes when I register a webook

I have an endpoint listening on ....PaymentNotification\PaymentEvent and I recieve the callback however to know more about that order I need to call getTransactionDetailsRequest(), however

I dont know what store credentials I need to pass to get more details about the transaction.  I attempted to add a peramter on the webhook url(PaymentNotification\PaymentEvent?id=1) but it is invalid.  I could make a webhook callback for each store but I dont want to do this for (N) stores. How can I know who the transaction belongs to before I make the getTransactionDetailsRequest()?

 

 

 

 

 

 

1 ACCEPTED SOLUTION

Accepted Solutions

Hi 

 

If you dont want to have a different webhook callback url then another workaround is to use the hash  verification to check which merchant it belongs to . 

 

The hash is sent in a custom header: X-ANET-Signature along with the webhook .

Using the signature key, the body can be hashed again using the same algorithm. The calculated hash should match the hash sent in the header. 

 

https://developer.authorize.net/api/reference/features/webhooks.html#Verifying_the_Notification

 

Hope it helps . 

 

 





Send feedback at developer_feedback@authorize.net

View solution in original post

Anurag
Moderator Moderator
Moderator
3 REPLIES 3

Hi 

 

If you dont want to have a different webhook callback url then another workaround is to use the hash  verification to check which merchant it belongs to . 

 

The hash is sent in a custom header: X-ANET-Signature along with the webhook .

Using the signature key, the body can be hashed again using the same algorithm. The calculated hash should match the hash sent in the header. 

 

https://developer.authorize.net/api/reference/features/webhooks.html#Verifying_the_Notification

 

Hope it helps . 

 

 





Send feedback at developer_feedback@authorize.net
Anurag
Moderator Moderator
Moderator

Thanks, this could work, but the downside is I need to try each one of my Signature keys and hash with the response untill I find one that matches the X-Anet-Signature.  Though I do have a small set of keys, so it should be acceptable.

  

 

 

 

 

Hi @sandboxAuthNetT,

 

Just to clarify, you can definitely have multiple listener URLs, it's just the parameter syntax (with a "?") that's not allowed. It would be perfectly fine to have a listener that's https://yourserver.com/webhooks/merchant1/PaymentEvent and a https://yourserver.com/webhooks/merchant2/PaymentEvent, for example.

 

You can use the same listener program on your end, but just have it check what path was used to call it to determine the merchant.