Menu
Feedback
Start here
Tutorials
Developer portal

Known Issues
Support Rules
Troubleshooting

Frequently Asked Questions
Announcements
News
Announcements
Callback URL signature: Blocking asynchronous payment authorizations without an authentication token
Photo of the author
PedroAntunesCosta
Published on 5/3/2024
Last update on 5/3/2024

To enhance payment operations on the platform, VTEX is implementing the X-VTEX-signature authentication token. Payment providers and partners must use this token to report the status of asynchronous payment transactions via a callback URL.

As of May 27, 2024, the VTEX gateway will automatically include the callback URL information and the respective authentication token with each payment transaction.

Example of a callback URL containing the authentication token:

https://gatewayqa.vtexpayments.com.br/api/pvt/payment-provider/transactions/8FB0F111111122222333344449984ACB/payments/A2A9A25B11111111222222333327883C/callback?accountName=teampaymentsintegrations&X-VTEX-signature=R123456789aBcDeFGHij1234567890tk

What needs to be done?

Starting June 26, 2024, all payment providers and partners must report the status of asynchronous payment transactions exclusively via the callback URL and authentication token.

After this date, any transaction status updates sent only via callback URL (without the authentication token) will be blocked, and the respective payment transactions will be canceled.

For more information about the callback URL, see Payment Provider Protocol and Create Payment endpoint.

Was this helpful?
Yes
No
Suggest Edits (GitHub)
On this page
Still got questions?
Ask the community
Find solutions and share ideas in the VTEX community.
Join our community
Request support from VTEX
For personalized assistance, contact our experts.
Open a support ticket
GithubDeveloper portalCommunityFeedback