Rapyd.Services.Webhook (rapyd v1.0.0)

Rapyd Webhooks — verify inbound events and route to handlers.

Verification

Every inbound webhook from Rapyd is signed with HMAC-SHA256. Always call parse_and_verify/2 before trusting any event data:

def handle_webhook(conn, client) do
  raw_body = conn.assigns[:raw_body]   # must be the raw, unparsed body
  headers = %{
    salt:      get_req_header(conn, "salt")      |> List.first(),
    timestamp: get_req_header(conn, "timestamp") |> List.first(),
    signature: get_req_header(conn, "signature") |> List.first()
  }

  case Rapyd.Services.Webhook.parse_and_verify(client, raw_body, headers) do
    {:ok, event} ->
      dispatch(event)
      send_resp(conn, 200, "ok")

    {:error, %Rapyd.Error{type: :webhook_signature}} ->
      send_resp(conn, 401, "invalid signature")
  end
end

Routing

Use Rapyd.Types.WebhookEvent.dispatch/2 to branch by event type, or pattern-match on event.type directly.

Summary

Functions

create_webhook(client, params)

delete_webhook(client, webhook_id)

Delete a registered webhook endpoint.

get_webhook(client, webhook_id)

Retrieve a registered webhook endpoint.

list_webhooks(client)

List registered webhook endpoints.

parse_and_verify(client, raw_body, map)

Parse and cryptographically verify an inbound Rapyd webhook event.

update_webhook(client, webhook_id, params)

Update a registered webhook endpoint.