Phenixio Knowledge Base
  • Overview
  • Getting Started
    • Quick Start
    • How Phenixio Works
    • Security
  • Features
    • Real-time Payments
    • Cross-Border Payments
    • Micropayments
    • Fraud Free Settlements
    • 3rd Party Wallet Compatibility
    • Single-click Checkouts
    • Account Activity & Audits
    • Hardware Wallet Support
    • Automated Withdrawals
    • Currency Rate Conversions
    • Role-Based Access Permission
  • For Developers
    • Sandbox Test Environment
    • Webhooks
    • Payment Event Tokens
    • Access & Refresh Tokens
    • IP Whitelisting
    • Custom Metadata
    • Interactive API Reference
  • Integrations
    • Client Libraries
    • Django
    • Slack
    • Unity
    • WooCommerce
  • Resources
    • Use Cases
    • FAQ
    • Pricing
    • API Reference
    • Dashboard Login
    • Service Status
    • Apply for Pilot Program
    • Support
  • Lightning Technology
    • What is the Lightning Network?
Powered by GitBook
On this page

Was this helpful?

  1. For Developers

Payment Event Tokens

PreviousWebhooksNextAccess & Refresh Tokens

Last updated 3 years ago

Was this helpful?

If you have a webhook endpoint on your web application and configured your Phenixio account settings accordingly (See previous section: ) we will sent you event notifications when a payment event happens.

Json Web Tokens (JWTs)

For the convenience and security purposes we use industry standard JWTs. If you are not already familiar with JWTs, you can learn more about here: . They are really simply JSON messages with cryptographic signatures, providing secure communication between two parties.

Tamper Proof

JSON content is safe against tampering. If the content of the message is changed by an attacker, signature becomes invalid. Since the attacker does not have the private key to generate a valid signature, their attempt will fail.

Public Key Cryptography

Currently we use RS256 (RSA Signature with ), it is an , and it uses a public/private key pair: the identity provider has a private (secret) key used to generate the signature, and the consumer of the JWT gets a public key to validate the signature. This helps us avoid sharing the secret. Only the private key holder can generate valid signature for a given public key. But anyone with the public key can verify the token is indeed generated by the trusted party.

Webhooks
jwt.io
SHA-256
asymmetric algorithm