- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I have a website that I need to send payments to 2 different merchant accounts, this is based on what account the current user belongs to, example user1 sales go to store #1 Auth.net account, and user 2 sales go to store#2 auth.net account. The order is sent with getHostedPaymentPageRequest(); at this time I know what auth.net account I am sending the payment to. The issues comes when I register a webook
I have an endpoint listening on ....PaymentNotification\PaymentEvent and I recieve the callback however to know more about that order I need to call getTransactionDetailsRequest(), however
I dont know what store credentials I need to pass to get more details about the transaction. I attempted to add a peramter on the webhook url(PaymentNotification\PaymentEvent?id=1) but it is invalid. I could make a webhook callback for each store but I dont want to do this for (N) stores. How can I know who the transaction belongs to before I make the getTransactionDetailsRequest()?
Solved! Go to Solution.
โ11-16-2017 01:23 PM
Accepted Solutions
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi
If you dont want to have a different webhook callback url then another workaround is to use the hash verification to check which merchant it belongs to .
The hash is sent in a custom header: X-ANET-Signature along with the webhook .
Using the signature key, the body can be hashed again using the same algorithm. The calculated hash should match the hash sent in the header.
https://developer.authorize.net/api/reference/features/webhooks.html#Verifying_the_Notification
Hope it helps .
Send feedback at developer_feedback@authorize.net
โ11-16-2017 10:30 PM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi
If you dont want to have a different webhook callback url then another workaround is to use the hash verification to check which merchant it belongs to .
The hash is sent in a custom header: X-ANET-Signature along with the webhook .
Using the signature key, the body can be hashed again using the same algorithm. The calculated hash should match the hash sent in the header.
https://developer.authorize.net/api/reference/features/webhooks.html#Verifying_the_Notification
Hope it helps .
Send feedback at developer_feedback@authorize.net
โ11-16-2017 10:30 PM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks, this could work, but the downside is I need to try each one of my Signature keys and hash with the response untill I find one that matches the X-Anet-Signature. Though I do have a small set of keys, so it should be acceptable.
โ11-17-2017 02:18 PM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @sandboxAuthNetT,
Just to clarify, you can definitely have multiple listener URLs, it's just the parameter syntax (with a "?") that's not allowed. It would be perfectly fine to have a listener that's https://yourserver.com/webhooks/merchant1/PaymentEvent and a https://yourserver.com/webhooks/merchant2/PaymentEvent, for example.
You can use the same listener program on your end, but just have it check what path was used to call it to determine the merchant.
โ11-21-2017 09:18 AM

