Verifies a callback so that it can receive notifications.
|callbackId||string||Required||Unique identifier of the callback.|
|verificationKey||string||Required||Unique, single-use verification code for the callback. Supplied during callback creation via an HTTPS POST.|
The Event Notification Service requires a two-step verification process for registering a callback. Two-step verification ensures that the stream of event notifications can’t be used to attack an external URL endpoint. To achieve this security, the URL endpoint must have a critical role in the verification process. Therefore, it’s the only receiver of the single-use verification key needed to complete callback verification.
In callback verification, a unique, single-use verification key is generated when you create a callback and is sent to the callback URL that you registered using the create callback route. The payload that is posted to the callback URL is the same payload used to call the verify callback route.
The URL endpoint must do one of the following.
- Capture verification details, including the verification key, and immediately return them by calling the verify callback route.
- Capture verification details, including the verification key, in a way that allows a developer to manually call the verify callback route.
If you choose to allow manual verification, use the following code in your callback implementation to log the verification details.
To manually verify the callback, use the logged verification details to invoke the verify callback route.
Ensure that your callback completes verification within four hours.
|200 OK||Callback successfully verified|
|400 Bad Request||Invalid request|
|403 Forbidden||Failed to pass authorization.|
|404 Not Found||Incorrect callback ID, verification key, or both.|
|500 Server Error||Internal error|