Webhooks are the mechanism in which out-of-band processes can communicate with an implemented service.
For all webhooks, The LaunchKey Platform performs a HTTP POST request to a URL designated by the Subscriber.
All Platform events trigger webhooks to the same URL. The particular event needed for processing when receiving the webhook
HTTP request is discernible by its data elements.
The incoming request will be signed and encrypted in the same manner as an outgoing request from the
API. See Cryptography for more information in that regard. All implementations
should verify the request utilizing the JWT provided in the Authorization header
of webhook requests.
The public key utilized to encrypt the webhook data is the same key utilized to initiate
the process that triggered the webhook. For example, if the webhook is for an authorization
response then the public key used to verify signature of the authorization request will be the
public key used to encrypt the authorization response webhook.
POST /launchkey/webhook HTTP/1.1
Authorization: IOV-JWT eyJhbGciOiJSU0EtT0FFUCIsIm.VuYyI6IkEyNTZHQ00ifQ.OKOawDo13gRp2ojaHV7LF
To allow for processing of webhooks with key rotation, an implementation must allow
processing webhooks from keys that may have expired between the time of the request initiating
the process and the triggering of the webhook.
LaunchKey links to user contributed code as a resource to its community. LaunchKey does not in any way
guarantee or warrant the quality and security of these code bases. User contributed code is supported by the
creators. If you do find a link from the site to user contributed code that is malicious or inappropriate in any
way, please report that link to LaunchKey immediately and we will investigate the claim. Submit any issue to
LaunchKey support at https://launchkey.com./support.