How do I authenticate the signature for webhook? Nothing is mentioned in the document regarding the authentication
Hello @FaizanAhmad,
To better assist you, could you please share a bit more detail about what solution you’re trying to implement?
Specifically, it would help to know:
- Which Maya product you’re using (e.g., Maya Checkout, Payments via Maya Vault, Pay with Maya)
- Whether you’re integrating in a sandbox or production environment
At the moment, signature-based authentication for webhooks is not yet available in Webhooks for Online Payments.
To improve security, the Maya Developer Hub documentation currently recommends applying an IP whitelisting mechanism. This means configuring your firewall, load balancer, or application layer to accept webhook requests only from Maya’s documented IP addresses and reject requests from other sources.
In addition to IP whitelisting, make sure to:
- Validate the webhook payload (e.g., payment ID, event type, or payment status) before processing
- Implement idempotent handling, since the same event may be delivered more than once
- Return a 2xx HTTP status code once the webhook is successfully processed to stop retries
If you can share more details about your use case, we can provide more targeted guidance.
2 Likes