PortOne Server SDK for JVM/io.portone.sdk.server.webhook/WebhookVerifier

WebhookVerifier

class WebhookVerifier

Verifies webhook messages as specified in Standard Webhooks.

The implementation is based on the reference implementation.

Only supports symmetric signatures based on HMAC-SHA256.

An instance of WebhookVerifier is an immutable object holding the secret key. It is safe to share the instance between invocations and threads.

Example:

import io.portone.sdk.server.webhook.WebhookVerifier

// The webhook secret can be issued from the PortOne admin console.
// This is different from the API secret.
val webhookVerifier = WebhookVerifier("YOUR_WEBHOOK_SECRET_HERE")

// on each request
try {
    webhookVerifier.verify(
        payload = body,
        msgId = headers[WebhookVerifier.HEADER_ID],
        msgSignature = headers[WebhookVerifier.HEADER_SIGNATURE],
        msgTimestamp = headers[webhookVerifier.HEADER_TIMESTAMP],
    )
} catch (e: WebhookVerificationException) {
    // verification failed. log e.message and ignore the request.
}
Content copied to clipboard

Constructors

Link copied to clipboard
constructor(secretKey: ByteArray)

Constructs the verifier with the secret key.

constructor(secretKey: String)

Constructs the verifier with the secret key encoded in Base64.

Types

Link copied to clipboard
object Companion

Functions

Link copied to clipboard
fun verify(msgBody: String, msgId: String?, msgSignature: String?, msgTimestamp: String?)

Verifies a webhook message. When the verification fails, throws WebhookVerificationException.