Receive a webhook notification

As soon as a webhook has been setup, ProAbono can emit a HTTP POST request on the predefined URL whenever an event associated with the webhook occurs.

The payload of the HTTP POST request contains relevant data describing the event which has occurred. The format of the data is JSON.

Answer to a webhook notification

Your application should answer a HTTP 200 OK. Any other response tells ProAbono that you have not received the webhook notification.

ProAbono will keep sending the notification until it gets a 200 OK response.

Verify that a webhook notification comes ProAbono

The webhooks notifications sent by ProAbono can be verified by the computation of a digital signature. In the header of the HTTP POST request that your application receives, you will find the following parameters:

  • X-ProAbono-Key ( This key is unique to each webhook notification )
  • X-ProAbono-Signature

The Verification Method:

  • Concatenate X-ProAbono-Key and your Business Key ( Your Business Key is available in the backoffice : Your Profile -> Integration -> Webhook tab)
  • Hash it (with SHA-256)
  • Encode the hash in base64.

If the result is equal to the X-ProAbono-Signature, the notification comes from ProAbono.

Example of a PHP code which verifies if a webhook notification comes or not from ProAbono

function verify_webhook ($keyRequest, $keyBusiness, $keySignature )
$calculated_hash = base64_encode(hash('sha256',$keyRequest.$keyBusiness,true));
return ($keySignature == $calculated_hash); }