Generate webhook secret

How It Works

Each time this endpoint is called, Vesicash generates a new cryptographic secret tied to your account. You use this secret on your server to validate the mor-signature header on every incoming webhook request.

1. Call this endpoint

   POST to /v1/account/generate-webhook-secret with your secret-key. No request body is needed.

2. Store the secret securely

   Save the returned webhook_secret in your environment variables or secret manager. Never expose it in client-side code or logs.

3. Verify incoming webhooks On every Vesicash webhook, compute an HMAC-SHA256 signature of the raw request body using your secret, then compare it against the mor-signature header.

POST : v1/account/generate-webhook-secret

Headers

Response

On a successful request, the API will return a response with the following structure:

• webhook_secret (string): The generated webhook secret that will be used for authentication.

{
  "status": "",
  "code": 0,
  "message": "",
  "data": {
    "webhook_secret": ""
  }
}

            

NOTE: Webhook Authentication Using HMAC-SHA256 After authentication using the specified method, the generated webhook token must be stored in a secure location (for example, a secrets manager or encrypted configuration store). The webhook signature is created by computing an HMAC-SHA256 hash on a single string that must be reconstructed exactly on your server.