These are the requirements and steps for decrypting a Webhook.

Structure of the message that our webhooks send
{
  "data": "bea4343c5d815cba55c6e1bcb835bcbea43432abc014f7b48a63....",
  "iv": "1aa8ebae81e116621251993df3b155d4"
}
Secret is used to decrypt the webhook payload.

Standard decryption for aes-256-cbc using the data, the iv, and the secret returned during the webhook registration.

1

Converts the hexadecimal IV to a byte buffer

  • [Recommendation] Check if the key length is 32 bytes, which is the required size for the AES-256 encryption algorithm.
TypeScript Example
const key = Buffer.from(WEBHOOK_SHARED_SECRET_ENCRYPTION_KEY, "base64");
if (key.length !== 32) {
  throw new Error("Encryption key must be 256 bits (32 bytes)");
}
  • Converts the hexadecimal IV to a byte buffer.
TypeScript Example
const ivBuffer = Buffer.from(iv, "hex");
2

Decryption

  • Creates a decryptor object using the AES-256 algorithm in CBC (Cipher Block Chaining) mode, the key and the IV.
TypeScript Example
const decipher = crypto.createDecipheriv("aes-256-cbc", key, ivBuffer);
  • Start decrypting the data and store the result.
TypeScript Example
let decrypted = decipher.update(data, "hex", "utf8");
decrypted += decipher.final("utf8");

Disclaimer: All technical documentation is subject to the terms and conditions, which apply supplementarily and take precedence over the documentation.