PayPal · Schema

Verify Webhook Signature

A verify webhook signature request.

BillingCommerceDisputesInvoicesOrdersPaymentsPayoutsSubscriptionsTokensWebhooks

Properties

Name Type Description
auth_algo string The algorithm that PayPal uses to generate the signature and that you can use to verify the signature. Extract this value from the `PAYPAL-AUTH-ALGO` response header, which is received with the webhoo
cert_url string The X.509 public key certificate. Download the certificate from this URL and use it to verify the signature. Extract this value from the `PAYPAL-CERT-URL` response header, which is received with the w
transmission_id string The ID of the HTTP transmission. Contained in the `PAYPAL-TRANSMISSION-ID` header of the notification message.
transmission_sig string The PayPal-generated asymmetric signature. Appears in the `PAYPAL-TRANSMISSION-SIG` header of the notification message.
transmission_time string The date and time of the HTTP transmission, in [Internet date and time format](https://tools.ietf.org/html/rfc3339#section-5.6). Appears in the `PAYPAL-TRANSMISSION-TIME` header of the notification me
webhook_id string The ID of the webhook as configured in your Developer Portal account.
webhook_event object
View JSON Schema on GitHub

JSON Schema

paypal-verify-webhook-signature-schema.json Raw ↑ 
{
  "$schema": "https://json-schema.org/draft/2020-12/schema",
  "$id": "#/components/schemas/verify_webhook_signature",
  "title": "Verify Webhook Signature",
  "type": "object",
  "description": "A verify webhook signature request.",
  "properties": {
    "auth_algo": {
      "type": "string",
      "maxLength": 100,
      "pattern": "^[a-zA-Z0-9]+$",
      "description": "The algorithm that PayPal uses to generate the signature and that you can use to verify the signature. Extract this value from the `PAYPAL-AUTH-ALGO` response header, which is received with the webhook notification."
    },
    "cert_url": {
      "type": "string",
      "maxLength": 500,
      "format": "uri",
      "description": "The X.509 public key certificate. Download the certificate from this URL and use it to verify the signature. Extract this value from the `PAYPAL-CERT-URL` response header, which is received with the webhook notification."
    },
    "transmission_id": {
      "type": "string",
      "maxLength": 50,
      "pattern": "^(?!\\d+$)\\w+\\S+",
      "description": "The ID of the HTTP transmission. Contained in the `PAYPAL-TRANSMISSION-ID` header of the notification message."
    },
    "transmission_sig": {
      "type": "string",
      "maxLength": 500,
      "pattern": "^(?!\\d+$)\\w+\\S+",
      "description": "The PayPal-generated asymmetric signature. Appears in the `PAYPAL-TRANSMISSION-SIG` header of the notification message."
    },
    "transmission_time": {
      "type": "string",
      "maxLength": 100,
      "format": "date-time",
      "description": "The date and time of the HTTP transmission, in [Internet date and time format](https://tools.ietf.org/html/rfc3339#section-5.6). Appears in the `PAYPAL-TRANSMISSION-TIME` header of the notification message."
    },
    "webhook_id": {
      "type": "string",
      "maxLength": 50,
      "pattern": "^[a-zA-Z0-9]+$",
      "description": "The ID of the webhook as configured in your Developer Portal account."
    },
    "webhook_event": {
      "$ref": "#/components/schemas/event"
    }
  },
  "required": [
    "auth_algo",
    "cert_url",
    "transmission_id",
    "transmission_sig",
    "transmission_time",
    "webhook_id",
    "webhook_event"
  ]
}