Skip to content

Webhook Event Validation

Jump to bottom
Jason Ziaja edited this page Jun 10, 2015 · 4 revisions

When a webhook event is sent to your server from PayPal, the received event includes all the information you need to perform the validation by your server.

Using the .NET SDK, your server can call WebhookEvent.ValidateReceivedEvent(...)to quickly and easily validate the received event.

NOTE: For a detailed explanation of the webhook event validation process, refer to PayPal Developer.

Sample

Config File

<configuration>
  <configSections>
    <section name="paypal" type="PayPal.SDKConfigHandler, PayPal" />
  </configSections>

  <!-- PayPal SDK settings -->
  <paypal>
    <settings>
      <add name="mode" value="sandbox"/>
      <add name="clientId" value="__CLIENT_ID__"/>
      <add name="clientSecret" value="__CLIENT_SECRET__"/>
      <add name="webhook.id" value="__WEBHOOK_ID__"/>
    </settings>
  </paypal>
</configuration>

Code

using PayPal.Api;

// The APIContext object can contain an optional override for the trusted certificate.
var apiContext = new APIContext(...);

// Get the received request's headers
var requestheaders = HttpContext.Current.Request.Headers;

// Get the received request's body
var requestBody = string.Empty;
using(var reader = new StreamReader(HttpContext.Current.Request.InputStream))
{
    requestBody = reader.ReadToEnd();
}

// We have all the information the SDK needs, so perform the validation.
var isValid = WebhookEvent.ValidateReceivedEvent(apiContext, requestheaders, requestBody);

Specifying the Trusted Certificate

When WebhookEvent.ValidateReceivedEvent(...) is called, part of the validation ensures the certificate referenced by the Paypal-Cert-Url request header is signed by a trusted root CA.

NOTE: By default, the .NET SDK comes bundled with the trusted root CA.

To change the trusted root CA used to validate the webhook event's certificate, add the following to your config:

<configuration>
  ...
  <paypal>
    <settings>
      ...
      <add name="webhook.trustCert" value="__LOCAL_PATH_TO_CERT_FILE__"/>
      ...
    </settings>
  </paypal>
  ...
</configuration>

Home | Installation | Make Your First Call | Samples | FAQ | Report Issues

Getting Started

Using the PayPal .NET SDK

Extras

Links

Clone this wiki locally