Skip to content

Commit b858060

Browse files
gcatanesegcatanese
authored
Update README.md
1 parent 4f65f11 commit b858060

File tree

1 file changed

+21
-8
lines changed

1 file changed

+21
-8
lines changed

README.md

Lines changed: 21 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -161,7 +161,9 @@ import com.adyen.model.notification.NotificationRequestItem;
161161

162162
// YOUR_HMAC_KEY from the Customer Area
163163
String hmacKey = "YOUR_HMAC_KEY";
164+
// The webhook payload
164165
String notificationRequestJson = "NOTIFICATION_REQUEST_JSON";
166+
165167
HMACValidator hmacValidator = new HMACValidator();
166168

167169
WebhookHandler webhookHandler = new WebhookHandler();
@@ -171,6 +173,7 @@ NotificationRequest notificationRequest = webhookHandler.handleNotificationJson(
171173
var notificationRequestItem = notificationRequest.getNotificationItems().stream().findFirst();
172174

173175
if (notificationRequestItem.isPresent()) {
176+
// validate the HMAC signature
174177
if ( hmacValidator.validateHMAC(notificationRequestItem, hmacKey) ) {
175178
// Process the notification based on the eventCode
176179
log.info("Received webhook with event {} : \n" +
@@ -187,16 +190,26 @@ if (notificationRequestItem.isPresent()) {
187190
}
188191
}
189192
~~~~
190-
If you would like to deserialize the Banking Webhooks, first check if the payload is authentic:
193+
When deserializing Banking or Management Webhooks, first check if the payload is authentic:
191194
~~~~ java
192-
String payload = "WEBHOOK_PAYLOAD";
193-
String signKey = "SIGNATURE_RETREIVED_FROM_CA";
194-
String hmacKey = "HMACKEY_RETREIVED_FROM_WEBHOOK_HEADER";
195+
// The webhook payload
196+
String payload = "WEBHOOK_JSON_PAYLOAD";
197+
// HMAC key from Customer Area
198+
String hmacKey = "HMAC_KEY_RETRIEVED_FROM_CA";
199+
200+
// HMAC signature from hmacsignature header
201+
String hmacsignature = headers.get("hmacsignature");
202+
if (hmacsignature == null || hmacsignature.isBlank()) {
203+
throw new RuntimeException("HMAC Signature not found");
204+
}
205+
206+
// validate the HMAC signature
195207
HMACValidator hmacValidator = new HMACValidator();
196-
boolean authenticity = hmacValidator.validateHMAC(hmacKey, signKey, payload);
208+
if (!hmacValidator.validateHMAC(hmacsignature, hmacKey, payload)) {
209+
throw new RuntimeException("Invalid HMAC signature");
210+
}
197211
~~~~
198-
If this bool returns true, you can proceed to deserialize against the desired webhook type.
199-
Use the relevant webhook handler (i.e. ConfigurationWebhooksHandler) to obtain the object representing the event:
212+
Use then the relevant webhook handler (i.e. ConfigurationWebhooksHandler) to obtain the object representing the event:
200213
~~~~ java
201214
ConfigurationWebhooksHandler webhookHandler = new ConfigurationWebhooksHandler(payload);
202215
// onAccountHolderNotificationRequest
@@ -209,7 +222,7 @@ webhookHandler.getBalanceAccountNotificationRequest().ifPresent((BalanceAccountN
209222
});
210223

211224
~~~~
212-
To deserialize Management Webhooks instead, please use the specific webhook handler `ManagementWebhooksHandler`:
225+
To deserialize Management Webhooks use instead the specific webhook handler `ManagementWebhooksHandler`:
213226
~~~~ java
214227
ManagementWebhooksHandler webhookHandler = new ManagementWebhooksHandler(payload);
215228
// onMerchantCreatedNotificationRequest

0 commit comments

Comments
 (0)