Cardholder Alerts

Alerts generated by the antifraud tool are delivered via webhook. To receive them, you must configure an endpoint address to which we will send the notifications, as well as a secret_token that will be used to sign the request. This configuration must be done through our support team.

In this notification we will send information about the generated alerts, as well as which cardholder they refer to, so that the client can take action—for example, sending a push notification to the cardholder.

Request

Request Body
    {
        "alert_key": "123456",
        "cardholder_id": "ef47bc3f-61ac-4b85-ad67-0cfa3a422201",
        "company_name": "Cliente 1",
        "irregularity_type": "fraud",
        "risk_level": "critical"
    }

The request has the format above and notifies you that a new alert has been opened for the cardholder identified by cardholder_id.

Webhook Signature

Example of signature calculation in Python

    import hashlib, hmac
    def calculate_signature(signature_key, endpoint, method, payload):
        hmac_obj = hmac.new(signature_key.encode('utf-8'), (endpoint + method + payload).encode('utf-8'), hashlib.sha1)
        return hmac_obj.hexdigest()

To ensure that the request received at the webhook endpoint comes from our servers, an HMAC signature is sent in the Signature header, similar to the authentication process.

After calculating the expected signature value on the server side, you must compare the calculated signature with the one sent. If the signatures match, the request came from our servers and is trustworthy.

Retries

A notification is considered successful when it receives an HTTP status 200 in response. If a notification fails, 5 retries will be made at the following intervals, until a 200 is returned or the attempts are exhausted:

  • 30 seconds
  • 60 seconds
  • 120 seconds
  • 240 seconds
  • 360 seconds
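
One way to implement the receiving side of the signature check and the retries described above, as an added example that is not our own code. The names expected_signature, handle_alert, SECRET_TOKEN, ENDPOINT and seen_alert_keys and all sample values are constructed. It assumes that secret_token is the signing key, that endpoint is the endpoint address exactly as configured, that payload is the raw request body, and that a retried delivery repeats the same alert_key.

```python
import hashlib
import hmac
import json

# Constructed sample values; the real secret_token and endpoint are set up with support.
SECRET_TOKEN = "example-secret-token"
ENDPOINT = "https://client.example/webhooks/cardholder-alerts"

seen_alert_keys = set()  # assumption: a persistent store would replace this in production


def expected_signature(secret_token, endpoint, method, payload):
    """HMAC-SHA1 hex digest over endpoint + method + payload, as in the snippet above."""
    message = (endpoint + method + payload).encode("utf-8")
    return hmac.new(secret_token.encode("utf-8"), message, hashlib.sha1).hexdigest()


def handle_alert(endpoint, method, raw_body, signature_header):
    """Return the HTTP status code the receiver should answer with."""
    # Verify over the body exactly as received; re-serialising the JSON changes the bytes.
    try:
        payload = raw_body.decode("utf-8")
    except UnicodeDecodeError:
        return 400
    expected = expected_signature(SECRET_TOKEN, endpoint, method, payload)
    # Constant-time comparison on bytes; a missing Signature header counts as a mismatch.
    received = (signature_header or "").encode("utf-8")
    if not hmac.compare_digest(expected.encode("utf-8"), received):
        return 401
    # Parse only after the signature has been verified.
    try:
        alert_key = str(json.loads(payload)["alert_key"])
    except (ValueError, KeyError, TypeError):
        return 400
    # A retry may deliver an alert that was already processed: acknowledge, act once.
    if alert_key not in seen_alert_keys:
        seen_alert_keys.add(alert_key)
        # ... notify the cardholder identified by cardholder_id here ...
    return 200
```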