Authentication & Security
Learn about the required headers and security validation steps for Amwal webhook requests.
Required Headers
Webhook requests from Amwal include these headers:
| Header | Description | Example |
|---|---|---|
X-API-Key | API key fingerprint | 8a7d42f1c4e6ba957beec92f2cad51d0b3ec4f8c9a1529e8f35e53a1de1a8b3b |
X-Signature | Base64-encoded RSA-PSS signature | eyJhbGciOiJSUzI1NiJ9... |
Content-Type | Always application/json | application/json |
Security Validation Steps
- Verify X-API-Key - Match with your stored API key fingerprint.
- Verify X-Signature - Use RSA-PSS with SHA-256 for payload validation.
- Check webhook enablement - Ensure webhooks are active.
- Validate payload structure - Confirm required fields.
- Implement idempotency - Manage duplicate deliveries.
Signature Verification
- Algorithm: RSA-PSS (PKCS#1 PSS)
- Hash Function: SHA-256
- MGF: MGF1 with SHA-256
- Salt Length: Auto
- Encoding: Base64
Updated about 15 hours ago