Note that this process is not required for
pull type Endpoints.
Within a minute (typically about 15 seconds) of registering an endpoint, our system will run a series of test to ensure that the endpoint responds correctly to some random scenarios. For the endpoint to be armed it must return the following Http Status Codes for the scenarios described:
400(Bad Request) is returned if the content received by Pay Advantage is null or empty.
403(Forbidden) is returned if the Pay Advantage request does not include the header
x-payadvantage-signatureor the header value(s) are all null or empty.
400(Bad Request) is returned if the request is an empty array or not an array of webhook objects.
400(Bad Request) is returned if the request array contains an item with null or empty values. All values for all items should be populated.
401(Unauthorized) is returned if the
x-payadvantage-signaturedoes not match the signature your endpoint calculates based on the raw content received and the secret assigned to your endpoint.
202(Accepted) is returned if none of the above criteria eventuate. The endpoint should respond ASAP and not perform lengthy processing before returning a response. We recommend you queue these events and process them later using some strategy (new thread, message queues, etc).
If a response is not received within 30 seconds a timeout will occur and your endpoint could end up being disabled. These Webhooks will not be marked as accepted and will be fired again to the endpoint on the next re-attempt.
A disabled Endpoint will not be armed (check the
IsArmed property on the Endpoint). To re-enable the endpoint review the errors on the endpoint and ensure these issues are resolved. You then follow the Registering an Endpoint process using the same Endpoint Url. This will reattempt the arming process.