Notifications
Overview
As part of the integration, Kard provides issuers with near real-time webhook notifications about important event updates to your rewards program. These notifications are designed so that they can be sent directly to your users, enhancing engagement and fostering a more connected, synchronous experience between you and your user base.
Notification webhooks are sent to the designated webhook URL provided by the issuer for each event type, ensuring timely and reliable delivery. To receive notifications, you can self-subscribe to events via API with the Create Subscriptions endpoint. For comprehensive details on payloads and supported event types, please refer to our API Reference section.
We currently support the following event types:
- earnedRewardApproved: receive notifications for when an approved transaction qualifies for a reward
- earnedRewardSettled: receive notifications for when a settled transaction qualifies for a reward
Each notification payload includes:
- Message: A message field with suggested text enabling you to easily send out push notifications to your users.
- Attribution: An attribution field with attribution links enabling you to collect and send attribution related to your notifications. For more details on attribution and how to use these links, visit this page.
- Idempotency: A unique id for each notification, which serves as an idempotency key to ensure consistent and reliable information delivery.
Webhook Authentication
For the notifications webhook, Kard posts outbound to a URL provided by the issuer client. Each webhook request is validated via an HMAC signature.
An issuer client will be provided with a webhook key that is used to generate an HMAC of the webhook body. The HMAC is calculated by Kard and sent in the notify-signature header. Note that request header names are processed as case-insensitive.
To validate, the issuer client should generate the HMAC with the provided key, body and SHA-256 hashing algorithm and compare against the HMAC provided in the header.
The following is a Node.js code recipe that shows one approach to:
- Stand up a service to ingest a notification webhook
- Implement HMAC signature verification
Code Recipe: Authenticating, then Ingesting a Notification Webhook
- auth.js: signature verification middleware
- index.js: POST endpoint
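The verification and idempotency steps described above, as an added Node.js example; it is not Kard's own recipe code. It assumes the notify-signature value is base64-encoded (the page does not state the encoding) and that the notification id is a top-level string field named "id"; the function names and sample values are constructed for illustration.

```javascript
'use strict';
const crypto = require('node:crypto');

// Assumption: the header carries the HMAC base64-encoded; the page does not
// state the encoding, so change this to 'hex' if your integration uses hex.
const SIGNATURE_ENCODING = 'base64';

// True only if the header value matches HMAC-SHA256(webhookKey, rawBody).
function verifySignature(rawBody, signatureHeader, webhookKey) {
  if (typeof signatureHeader !== 'string' || signatureHeader === '') return false;
  const expected = crypto.createHmac('sha256', webhookKey).update(rawBody).digest();
  const received = Buffer.from(signatureHeader, SIGNATURE_ENCODING);
  // timingSafeEqual throws on unequal lengths, so compare lengths first.
  return received.length === expected.length &&
    crypto.timingSafeEqual(received, expected);
}

// In-memory for the example only; use a shared store with expiry in production.
const seenIds = new Set();

// rawBody must be the exact bytes received, before any JSON parsing, because
// re-serialised JSON will not reproduce the bytes that were signed.
function handleNotification(rawBody, headers, webhookKey) {
  // Header names are case-insensitive, so match on the lower-cased name.
  const name = Object.keys(headers).find((h) => h.toLowerCase() === 'notify-signature');
  if (!verifySignature(rawBody, name && headers[name], webhookKey)) {
    return { status: 401, processed: false };
  }
  let event;
  try { event = JSON.parse(rawBody.toString('utf8')); } catch {
    return { status: 400, processed: false };
  }
  // Assumption: the notification id is a top-level string field named "id".
  if (event === null || typeof event.id !== 'string') return { status: 400, processed: false };
  // Duplicate delivery: acknowledge it, but do not notify the user twice.
  if (seenIds.has(event.id)) return { status: 200, processed: false };
  seenIds.add(event.id);
  // ...forward event.message to the user here...
  return { status: 200, processed: true };
}

// Constructed sample (not real Kard data) exercising the handler.
function demo() {
  const key = 'constructed-webhook-key';
  const body = Buffer.from('{"id":"constructed-id-1","message":"You earned a reward"}');
  const sig = crypto.createHmac('sha256', key).update(body).digest('base64');
  return [handleNotification(body, { 'Notify-Signature': sig }, key),
    handleNotification(body, { 'notify-signature': sig }, key)];
}
```

In an HTTP framework, capture the raw request bytes before any body-parsing middleware runs and pass them to handleNotification unchanged.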