Webhooks are the mechanism in which out-of-band processes can communicate with an implemented service.


For all webhooks, The LaunchKey Platform performs a HTTP POST request to a URL designated by the Subscriber. All Platform events trigger webhooks to the same URL. The particular event needed for processing when receiving the webhook HTTP request is discernible by its data elements.


The incoming request will be signed and encrypted in the same manner as an outgoing request from the API. See Cryptography for more information in that regard. All implementations should verify the request utilizing the JWT provided in the Authorization header of webhook requests.

The public key utilized to encrypt the webhook data is the same key utilized to initiate the process that triggered the webhook. For example, if the webhook is for an authorization response then the public key used to verify signature of the authorization request will be the public key used to encrypt the authorization response webhook.

Example request:

POST /launchkey/webhook HTTP/1.1
Host: service.subscriber.com
Content-Type: application/jose
Content-Length: 112
Authorization: IOV-JWT eyJhbGciOiJSU0EtT0FFUCIsIm.VuYyI6IkEyNTZHQ00ifQ.OKOawDo13gRp2ojaHV7LF



To allow for processing of webhooks with key rotation, an implementation must allow processing webhooks from keys that may have expired between the time of the request initiating the process and the triggering of the webhook.

User Contributed

LaunchKey links to user contributed code as a resource to its community. LaunchKey does not in any way guarantee or warrant the quality and security of these code bases. User contributed code is supported by the creators. If you do find a link from the site to user contributed code that is malicious or inappropriate in any way, please report that link to LaunchKey immediately and we will investigate the claim. Submit any issue to LaunchKey support at https://launchkey.com./support. ×