get
https://api.payments.akahu.io/v1/webhooks/keys/
Retrieve a webhook public signing key by ID, in PEM format.
The IDs used for this endpoint are supplied in the x-akahu-payments-signing-key header on webhook requests.
This key can be used to verify a one-off payment webhook by:
-
Taking the signature from the webhook request's
x-akahu-payments-signatureheader. -
Taking the webhook signing key ID from the webhook request's
x-akahu-payments-signing-keyheader. -
Fetching the webhook signing key from this endpoint, using the ID from step 2. This should be cached.
-
Taking the raw body from the webhook request (before any parsing is applied)
-
Use the public key to verify that the body was correctly signed (using RSA-SHA256). This varies by language, see our article on enduring webhooks for some examples.