HMAC-SHA256 webhook signature validation for Adyen notifications.
Adyen signs webhook payloads using HMAC-SHA256 with a hex-encoded key. The signature is computed over a pipe-delimited string of specific fields.
Usage
hmac_key = Application.get_env(:adyen_client, :webhook_hmac_key)
case AdyenClient.Webhooks.HMAC.validate(notification_item, hmac_key) do
:ok -> handle_event(notification_item)
{:error, reason} -> Logger.warning("Webhook rejected: #{reason}")
endSummary
Functions
Compute the HMAC-SHA256 signature for a notification item.
Validate the HMAC signature of a standard webhook notification item.
Validate the HMAC signature of a Balance Platform webhook.
Types
@type notification_item() :: map()
Functions
@spec compute(notification_item(), String.t()) :: String.t()
Compute the HMAC-SHA256 signature for a notification item.
Returns the base64-encoded signature string.
@spec validate(notification_item(), String.t()) :: :ok | {:error, AdyenClient.Error.t()}
Validate the HMAC signature of a standard webhook notification item.
notification_item should be the map at notificationRequestItem level,
containing keys: pspReference, originalReference, merchantAccountCode,
merchantReference, value, currency, eventCode, success, additionalData.
@spec validate_balance_platform(String.t(), String.t(), String.t()) :: :ok | {:error, AdyenClient.Error.t()}
Validate the HMAC signature of a Balance Platform webhook.
Balance Platform webhooks use a different signing approach: the full JSON body is signed directly.