To enable webhook events, you need to create a webhook subscription. The response to creating a webhook subscription will contain the secret you need to verify the webhook events delivered to your endpoint.
{
"data": {
"id": "1183b019-095b-4a6e-8fc8-d2b6c138edb8",
"type": "webhook_subscriptions",
"attributes": {
"url": "http://ortiz-bayer.test/robin",
"secret": "8ead22c621b968dc394fc49cc80ee30d"
}
},
"jsonapi": {
"version": "1.0"
}
}
After you have subscribed, CarrierSource can push real-time event data to your application’s webhook endpoint when events happen in CarrierSource. CarrierSource uses HTTPS to send webhook events to your app as a JSON payload.
Every event sent to your webhook endpoint will contain a CarrierSource-Signature header that you can use to verify the origin of the request. CarrierSource uses the same signing algorithm as Stripe to generate the signature header. Therefore, you may use any of the official Stripe client libraries to verify the webhook signature.