When using webhooks it is important to implement good practices to ensure your webhooks are secured and that your integration with Fintoc works as expected.
Your webhook should be configured so that it only listens to the events required for your application to work properly. We advise you to ignore unnecessary events, as they will only add extra load to your server.
For a plethora of reasons, it is possible that Fintoc sends the same event more than once to your application. That's why it is important that your webhook endpoint ensures idempotency when receiving events. A way of achieving this could be by storing the
id of each event after being processed and then discarding events that already have been processed.
Keeping your endpoints secure is critical to protecting your customers’ information. Fintoc provides several ways for you to verify events are coming from Fintoc in a secure manner.
Fintoc requires that the URL of your webhook endpoint is secured by a certificate that allows it to receive HTTPS requests. Fintoc won't send events to your server if it is not secured.
Verify webhook signatures to confirm that received events are sent from Fintoc. Additionally, make sure these events originate from one of the following IP addresses:
Updated 5 months ago