SimpliFi
HomeContact Us
HomeContact Us
    • Introduction
    • SimpliFi Architecture
    • Webhooks
    • Webhook Signature
    • SimpliFi Virtual Card SDK Integration Guide
    • Auth
      • Login to generate JWT token
        POST
      • Login to generate SDK Admin JWT token
        POST
    • Card Program
      • Create Card Program
        POST
      • Get Card Program
        GET
      • Change Card Program Status
        PATCH
      • Link Funding Source to Card Program
        POST
      • Get Balance of Funding Source
        GET
      • Transfer funds from one Card Program to other
        POST
      • Raise Funding Document Upload
        POST
      • Raise Funding
        POST
      • Funding Source Statement
        GET
    • Funding Source
      • Create Rule Group on Funding Account
        POST
      • Update Rule Group on Funding Account
        PUT
      • Delete Rule Group on Funding Account
        DELETE
      • Get Rule Groups on Funding Account
        GET
      • Appply Rule Group on Funding Account
        POST
      • Remove Rule Group on Funding Account
        DELETE
    • Card
      • List all Cards
        GET
      • Create a Card
        POST
      • Get Card Details
        GET
      • Retrieve Balance on the Card
        GET
      • Activate a Card
        POST
      • Manage Card Status
        POST
      • Load a Card
        POST
      • Unload a Card
        POST
      • Renewal of the Card
        POST
      • Request a Physical Card
        POST
      • Get Card Statement
        GET
      • Get Rule Groups on Card
        GET
      • Create Rule Group on Card
        POST
      • Update Rule Group on Card
        PUT
      • Delete Rule Group on Card
        DELETE
      • Apply Rule Group on Card
        POST
      • Remove Rule Group on Card
        DELETE
    • User
      • List all Users
      • Create a User
      • Upload Document
      • Retrieve a User
      • Update a User
      • Delete a User
      • Add update address of user
    • Transaction
      • List All Transactions
    • Fee
      • Add fee configuration
      • Fetch fee config
      • Change the status of fee config
      • Add Fee event against card uuid in queue
      • Apply fee against card uuid present in queue
    • Webhook
      • Get all events
      • Create a webhook
      • Update a Webhook
      • Delete a Webhook
      • Updates the status of Webhook
      • Card Activation webhook
      • Card Issuance webhook
      • Card PIN Setup webhook
      • Card Renewed webhook
      • Card Status Change webhook
      • Card Type Change webhook
      • Card Load webhook
      • Card Unload webhook
      • Card -to- Card Transfer webhook
      • User create webhook
      • User update webhook
      • User delete webhook
      • Card Program Create webhook
      • Funds transfer webhook
      • Raise funding webhook
      • Transaction webhook
      • Transaction Enrichment webhook
      • Fee apply webhook
      • Rule group create webhook
      • Rule group update webhook
      • Rule group delete webhook
      • Wallet rule group create webhook
      • Wallet rule group delete webhook
      • Card rule group create webhook
      • Card rule group delete webhook
    • Schemas
      • Schemas
        • CardToHolderCreationWebhook
        • CardToHolderUpdationWebhook
        • CardToHolderDeletionWebhook
      • Response
        • EntityNotFoundError
      • InstrumentType
      • SdkAuthRequestModel
      • UserRequestModel
      • ErrorModel
      • AddressModel
      • ContactModel
      • UserDetailModel
      • AuthRequestModel
      • UserModel
      • AuthResponseModel
      • MerchantModel
      • DocumentUploadModel
      • FundingSourceResponseModel
      • FundingSourceRequestModel
      • RaiseFundingDocumentModel
      • CardConfigModel
      • CardPoi
      • CardProgramRequestModel
      • CardAmountModel
      • FeesApplicationCardRequest
      • FeeApplicationEventResponse
      • MerchantDetailModel
      • StatementResponse
      • RaiseFundingResponseModel
      • MerchantListModel
      • VelocityControlConfigModel
      • StatementResponseDetails
      • VelocityControlDetailConfigModel
      • TransactionResponse
      • RuleGroupResponseModel
      • TransactionResponseDetails
      • RuleGroupModel
      • TransactionRequestModel
      • RuleGroupTransactionRestrictions
      • FileUploadModel
      • RuleGroupMerchantRules
      • DocumentModel
      • RuleGroupLoadRestrictions
      • RuleGroupSpendRestrictions
      • CardStatusModel
      • CardRenewalModel
      • ApplyFeesOnCardRequest
      • FeesStatusUpdateModel
      • FeesSetupModel
      • CardProgramTransferFundsModel
      • RaiseFundingRequestModel
      • Webhook
      • AddressRequestModel
      • CardRequestModel
      • FeeConfigurationModel
      • CardResponseModel
      • CardStatementResponse
      • CardProgramStatusChangeRequestModel
      • AmountModel
      • CardProgramCreationWebhook
      • WebhookEventType
      • WebhookEventModel
      • WebhookRequestModel
      • WebhookResponseModel
      • FeesSetupBaseModel
      • FundingSourceBalanceModel
      • CardActivationWebhook
      • CompanyUuidParameter
      • FeesSetupRequestModel
      • CardIssuanceWebhook
      • RequestUuidParameter
      • FeeConfigurationBaseModel
      • CardPinSetupWebhook
      • UserUuidParameter
      • FeeConfigurationRequestModel
      • CardRenewedWebhook
      • CardUuidParameter
      • FeeAmountConfigRequestModel
      • CardProgramResponseModel
      • CardStatusChangeWebhook
      • MaskedPanParameter
      • FeesSetupResponseModel
      • CardTypeChangeWebhook
      • CardStatusParameter
      • FeeConfigurationResponseModel
      • CardLoadWebhook
      • TransactionIdParameter
      • FeeAmountConfigResponseModel
      • CardUnloadWebhook
      • TransactionUuidParameter
      • CardToCardTransferWebhook
      • TransactionTypeParameter
      • FundTransferWebhook
      • RaiseFundingWebhook
      • TransactionWebhook
      • CardHolderCreationWebhook
      • TransactionEnrichmentWebhook
      • CardHolderUpdationWebhook
      • FeesApplyWebhook
      • CardHolderDeletionWebhook
      • UserWebhook
      • RuleGroupCreationWebhook
      • RuleGroupUpdationWebhook
      • RuleGroupDeletionWebhook
      • WalletRuleGroupCreationWebhook
      • WalletRuleGroupDeletionWebhook
      • CardRuleGroupCreationWebhook
      • CardRuleGroupDeletionWebhook
      • Error99997
      • Error40089
      • Error40065
      • Error40007
      • Error40056
      • Error30003
      • Error15017
      • Error40081
      • Error30022
      • Error15015
      • Error15016
      • Error30049
      • Error40006
      • Error40010
      • Error40080
      • Error40053
      • Error40113
      • Error40067
      • Error40069
      • Error50010
      • Error50011
      • Error50008
      • Error50004
      • Error10003
      • Error20046
      • Error35004
      • Error35005
      • Error35006
      • Error35007
      • Error35009
      • Error10001
      • Error20133
      • Error20017
      • Error20001
      • Error20005
      • Error20039
      • Error20011
      • Error20038
      • Error20127
      • Error20018
      • Error20002
      • Error20004
      • Error20006
      • Error20032
      • Error30012
      • Error20086
      • Error20019
      • Error20132
      • Error20008
      • Error40054
      • Error20015
      • Error20074
      • Error21090
      • Error20161
      • Error20162
      • Error20089
      • Error20076
      • Error30023
      • Error30013
      • Error20087
      • Error30028
      • Error20070
      • Error20050
      • Error82028
      • Error30004
      • Error30044
      • Error30001
      • Error30006
      • Error30048
      • Error30024
      • Error35043
      • Error30025
      • Error30010
      • Error30047
      • ErrorReason99997
      • Error81040
      • Error40128
      • Error40136
      • Error10035
      • Error35024
      • Error60001
      • Error60002
      • Error60003
      • Error60004
      • Error60005
      • Error60021
      • Error60012
      • Error60009

    Webhook Signature

    Overview#

    A webhook signature is a security mechanism used to verify that an incoming HTTP request actually comes from the expected provider and hasn't been tampered with. It works by using a shared secret key and a hashing algorithm to create a hash of the payload, which is then compared against the signature provided in the request header.
    When SimpliFi sends a webhook, each one contains two entries related to signature. X-SimpliFi-Webhook-Timestamp and X-SimpliFi-Webhook-Signature. Both of these are used to verify the authenticity of the webhook.

    Signature Key#

    This is a pre-shared key which SimpliFi will provide to their client. This key will be used to hash and generate the signature.
    Note: Key is not automatically rotated. It would only be rotated if the client requests a new key, or if SimpliFi suspects the key has been leaked. Please make sure to keep the key secret and do not store it in plain text.

    Timestamp#

    SimpliFi calculates a timestamp when it is sending the webhook. It is a difference between the current time and midnight, January 1, 1970 UTC.

    Signature#

    The webhook signature is calculated by combining the Timestamp value and Payload, then using HmacSHA256 algorithm the combined value is hashed. This hashed value is then encoded using Base 64.

    Verification#

    To verify the webhook, a signature should be generated and compared with the supplied signature. What you need is:
    1.
    Signature Key - This is a pre-shared key generated by SimpliFi and shared offline.
    2.
    JSON Payload - This is the body of the webhook. The format of the content is in JSON, however it is sent as application/text so that it is not automatically converted into a formatted JSON by any processors.
    Note: JSON payload should not be altered in anyway to caclulate the signature. Any extra character (or whitespace) will give wrong results.
    3.
    Timestamp - This is supplied in the header of the webhook. The key is X-SimpliFi-Webhook-Timestamp.
    4.
    Signature - This is supplied in the header of the webhook. The key is X-SimpliFi-Webhook-Signature.
    Following is an example on how to generate a signature from the above:
    Modified at 2026-05-13 04:31:15
    Previous
    Webhooks
    Next
    SimpliFi Virtual Card SDK Integration Guide
    Built with