
Configuration

Straumur delivers webhooks to notify your system about events in the payments platform. Examples include a cardholder completing a payment or the initiation of a refund.

For each event, Straumur sends an HTTP POST request to your server, with the event details provided in the request body.

Set up webhook

You can configure your webhook endpoints through the following portals:

  • Merchant Portal – Configure webhook endpoints and manage notification settings for your merchant account. Set up webhook URLs for payment events and customize which events trigger notifications and for which agreements.

  • Partner Portal – For partners, manage webhook configurations across multiple merchant agreements and access advanced webhook integration settings.

Security

Every webhook includes an HMAC signature. To validate it, obtain the HMAC key from one of the portals above. HMAC validation is recommended for ensuring the authenticity and integrity of the webhook payload, but it is not required. Each webhook group has instructions on how to validate HMAC.

To validate the HMAC signature:

  • Recreate the HMAC using the shared secret key and the webhook payload.
  • Compare the generated HMAC with the HMAC signature from the webhook message.
  • If they match, the message is verified; if not, reject the message to avoid processing potentially altered data.
  • This process ensures secure handling of webhook data and helps prevent unauthorized access or tampering.
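The steps above as an added example (not Straumur's own code). It assumes HMAC-SHA256 computed over the raw request body with a Base64-encoded signature; the key, payload and field names are constructed, so follow the instructions for your webhook group for the actual algorithm, encoding and signed fields.

```python
import base64
import hashlib
import hmac
import json
from typing import Optional

# Constructed sample values for illustration only.
DEMO_KEY = b"constructed-demo-key"
DEMO_BODY = b'{"event":"payment.completed","amount":1000}'


def compute_signature(secret_key: bytes, raw_body: bytes) -> str:
    """Step 1: recreate the HMAC from the shared key and the payload.
    Assumption: HMAC-SHA256, Base64-encoded."""
    digest = hmac.new(secret_key, raw_body, hashlib.sha256).digest()
    return base64.b64encode(digest).decode("ascii")


def verify_webhook(secret_key: bytes, raw_body: bytes,
                   received_signature: Optional[str]) -> bool:
    """Steps 2 and 3: compare signatures; the caller rejects on False."""
    if not received_signature:
        # A missing or empty signature is treated as a failed check.
        return False
    expected = compute_signature(secret_key, raw_body)
    # compare_digest runs in constant time, so the comparison does not
    # leak how many leading characters of the signature matched.
    return hmac.compare_digest(expected.encode("utf-8"),
                               received_signature.strip().encode("utf-8"))


def demo() -> dict:
    """Run the check against constructed inputs and return each outcome."""
    sig = compute_signature(DEMO_KEY, DEMO_BODY)
    # Parsing and re-serializing JSON changes whitespace, so the bytes
    # differ from what was signed: always verify the body as received.
    reserialized = json.dumps(json.loads(DEMO_BODY)).encode("utf-8")
    return {
        "valid": verify_webhook(DEMO_KEY, DEMO_BODY, sig),
        "tampered": verify_webhook(DEMO_KEY, DEMO_BODY.replace(b"1000", b"9000"), sig),
        "missing": verify_webhook(DEMO_KEY, DEMO_BODY, None),
        "reserialized": verify_webhook(DEMO_KEY, reserialized, sig),
    }


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case}: {'accept' if accepted else 'reject'}")
```

In a web handler, pass the request body bytes exactly as they arrived, before any JSON parsing.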