Webhooks

Juspay / JusBiz will be pushing the authorization details for every Virtual Card to Corporate using an Auth API. These are called Webhooks. You must configure a valid HTTPS endpoint that is reachable from our servers to consume these notifications. Our servers will push data using HTTPS POST call to your endpoint.

Webhook Authentication

We support Basic HTTP Authentication for your Webhook URL.

In order to get access to the transaction authorization details, Corporate needs to share the below details with Juspay:

1. Webhook URL on which JusBiz will push the auth data to the Corporate

2. Webhook authorization key - a) username and b) password

Payload

Please note:

1. Please refer the sample request body.

2. This request will be encrypted using Corporate provided encryption key:

1. While uploading the RSA Key, corporate will have to select the type of key and define if key is to be used for API auth or for encryption. This will be done on the JusBiz dashboard.

2. Corporate should store the keyUUID as it will be part of the headers.

3. This request will also be signed by Juspay. In order to verify, please download the public key from the JusBiz dashboard. You may reach out to your JusBiz POC for further details or queries.

Response

Corporate is expected to send the appropriate HTTP response if the client is down or unable to process the message.

HTTPS Status Code

Status Code Description

200

When authorizations are successfully processed by client’s endpoint, a HTTPS status code of 200 should be sent back to Juspay.

400 - series

This status code indicates there was an incorrectly formatted authorization push notification sent by Juspay.

500 – series

This status code indicates client services are unavailable. 

Handling Failures

If your server is not reachable and we receive a non-200 response when we are attempting webhook notification, we would mark the webhook notified section in our dashboard as False. Hence, consume webhooks on with 200 response code.