Authentication postback

If you are integrated with our APIs, you can opt to sign up for our authentication postback service. This will ensure you get authentication results sent to you the moment we process them. In web development, a postback is an HTTP POST from a client to a server in response to an original server message to the client. In this case, we play the role of client sending your server results as they become available.

Like a webhook, this allows our server to post to yours on events. It is a fire-and-forget message, with no retry attempts or success logging. If you need us to resend missed results we can provide them on request.

In order to consume this service, you will need to host an endpoint that supports JSON and expects the payload that we will deliver. We can support various authentication approaches, but please do let us know about your endpoint well in advance through an encrypted email so we will know what that approach is and what our credentials are for Sandbox and Production environments.

We will also provide you with the IP addresses you may need to whitelist to receive our communications. As part of setting us this service, you should also schedule an SIT slot with us to confirm the proper functioning of the service in Sandbox and Production environments. Customisation of the authentication postback service is charged separately.

In order to use this service your end point must:

  • be reachable at port 443 (HTTPS)

  • respond within 5 seconds

  • respond with a 2XX status code

  • handle for duplicate post backs for the same event

It is critical you prevent duplicates from the post back service from being processed. From time to time, these may occur as results are re-transmitted from the bank or due to any number of other operational reasons.

A sample of our postback payload is presented below:

{
"Type":"AuthResult",
"Value":
[
{
"MandateIdentification":string,
"DebiCheckAuthKey":string,
"AuthenticationBank":string,
"AuthenticationInstrument:string,
"AuthenticationStatus":string,
"AuthenticationDate":dateTime,
"RejectReasons":[string]
}
]
}

Pro tip: if you need to quickly generate a test URL you can do this using RequestBin or Mockbin.