The Zero Hash Webhook uses request headers to ensure security on message transport. RSA security method is Zero Hash’s recommended form of webhook security as it does not require passing secret keys back and forth. We also support token method signing of payload, you may provide a secret token to us during configuration. If you’ve done so, we will include the x-zh-hook-signature-256 header with the webhook.
| Name | Description |
|---|---|
| x-zh-hook-notification-id | Notification ID, can be used for idempotency checks |
| x-zh-hook-payload-type | Payload type string. The following values are available: participant_status_changed payment_status_changed deposit_fund_complete external_account_status_changed unspecified |
Depending on your security configuration, additional headers may also be included:
| Name | Description |
|---|---|
| x-zh-hook-signature-256 | to_hex(hmac(sha_256(payload), your-secret)) |
| x-zh-hook-rsa-signature-256 | to_hex(rsa(sha_256(payload), zh-sec-key)) |
Zero Hash’s webhook requests will originate from the following IP addresses, should you need an allow-list:
18.189.25.175/323.18.218.32/323.22.145.85/32
Sample Webhook Signatures
🤝
Webhook Signatures
Open Recipe