The authentication response event callback is triggered when a user responds the an authentication request on their mobile device.
The incoming request will be encrypted and signed in the same manner requests would be encrypted and signed for outgoing requests being sent to the API. See Cryptography for more information in that regard. The public key utilized to encrypt the webhook data will be the same key utilized to initiate the process that triggered the webhook. For example, off the webhook is for an authorization response, the public key used to verify signature of the authorization request will be the public key used to encrypt the authorization response webhook.
Hint
To allow for processing of webhooks with key rotation, you must allow processing webhooks from keys which may have expired between the time of the request initiating the process and the triggering of the webhook.
POST /launchkey/webhook HTTP/1.1
Host: service.subscriber.com
Content-Type: application/jose
Content-Length: 112
Authorization: IOV-JWT eyJhbGciOiJSU0EtT0FFUCIsIm.VuYyI6IkEyNTZHQ00ifQ.OKOawDo13gRp2ojaHV7LF
eyJhbGciOiAiUlNBLU9BRVAiLCAiZW5jIjogIkEyNTZ.Ppd6dIAkGwcfIelfqOrj3rkw.71lYoW6jBJymhM-QLBQAWA.t-4rRH6GsoXt0.1DGC4k
LaunchKey links to user contributed code as a resource to its community. LaunchKey does not in any way guarantee or warrant the quality and security of these code bases. User contributed code is supported by the creators. If you do find a link from the site to user contributed code that is malicious or inappropriate in any way, please report that link to LaunchKey immediately and we will investigate the claim. Submit any issue to LaunchKey support at https://launchkey.com./support. ×