All communications between the publisher and the Appcharge system are authenticated and secure using HTTPS and authentication methods.Appcharge uses signature hashing for secure communication between the two platforms. The main key can be found in the Appcharge dashboard, Admin panel, and Integration tab.In every webhook coming from Appcharge 2 HTTP headers will be added:
“x-publisher-token” - the publisher token found in the Dashboard admin panel, integration tab, can be used for multiple Appcharge accounts.
“signature” - the HTTP payload signed (hashed) using the below description:
The schema consists of 2 parts:
Time in UNIX timestamp format
Time is in UTC Now
Verify that the time sent in the payload is at the last 1-5 minutes
The HTTP payload sign using sha256 and the main key. Formatting the output in hex encoding