Details about Webhooks sent by Zamp
Whenever a resource on our system is updated, we send an update to the merchant with the help of webhooks. Currently, webhooks are only available for Payouts and Bulk Actions APIs. We recommend the merchant to whitelist the following IP Addresses from which all calls from Zamp will be delivered.
IP Addresses to be whitelisted by merchants
- Stage Env: 34.87.148.68
- Prod Env: 35.240.227.82
Once the merchant receives the webhook call, we first request the merchant to validate if the call is truly made by Zamp. In order to validate that, we request you to extract the header key Zamp-Signature and validate against the logic below. The message consists of comma seperated string with values id, status of payoutSession The result of the code block below and the value present in the Zamp-Signature key should match.
const message = "merchant_uNR5Kc6a2zTdfqbLsDwxUZ_06_15,initiated;
const sha_message = CryptoJS.SHA256(`${message}:${ZAMP_SECRET}`);
const x_zamp_signature = CryptoJS.enc.Base64.stringify(sha_message);Request Body : The request body will consist of the resource_type and resource_id. The data passed on the request body will be same as that particular resource type's GET API.
We also recommend our customers to fetch the particular resource using the GET APIs, and updating their system based on the response of that request, rather than relying solely on the webhooks.