When using webhooks it is important to implement good practices to ensure your webhooks are secured and that your integration with Fintoc works as expected.

Types of Events

Your webhook should be configured so that it only listens to the events required for your application to work properly. We advise you to ignore unnecessary events, as they will only add extra load to your server.

Avoid Event duplication

For a plethora of reasons, it is possible that Fintoc sends the same event more than once to your application. That's why it is important that your webhook endpoint ensures idempotency when receiving events. A way of achieving this could be by storing the id of each event after being processed and then discarding events that already have been processed.

Security

Fintoc requires that the URL of your webhook endpoint is secured by a certificate that allows it to receive HTTPS requests. Fintoc won't send events to your server if it is not secured.

We also recommend to always validate that each event received in fact corresponds to an event sent by Fintoc.