### Example Authorization Header Source: https://docs.checkbook.io/docs/integrations/oauth An example of how the Authorization header would look with a specific access token. ```http Authorization: bearer Nv6XB8OQ3IfT77Y9IknZqe87bFiF6Z ``` -------------------------------- ### Prepared Payload Example for Signature Generation Source: https://docs.checkbook.io/docs/api/webhooks Example of the prepared payload for signature generation, which concatenates the webhook body and the nonce. Ensure exact spacing. ```text { "id": "de7ef9b5ed7945368cd9d5c84c13d86b" }1243549809 ``` -------------------------------- ### Webhook Signing Key Example Source: https://docs.checkbook.io/docs/api/webhooks Example of a Checkbook webhook signing key. This key is used to generate and verify webhook signatures. ```text 335b5728e25b582e88995fce207bff380 ``` -------------------------------- ### Webhook Request Example Source: https://docs.checkbook.io/docs/api/webhooks Example of an incoming webhook POST request, including headers and payload. The signature header contains nonce and signature values. ```http POST https://dundermifflin.com/webhook/checkbook Content-Type: application/json signature: nonce=1243549809,signature=ee23a8e152384caa501647cf550c9b7c3e74162af2811863d1c5f62f67b93bb2 { "id": "de7ef9b5ed7945368cd9d5c84c13d86b" } ``` -------------------------------- ### API Authorization Header Example Source: https://docs.checkbook.io/docs/api/authentication Include your publishable and secret keys, separated by a colon, in the Authorization header for HTTP requests. ```http Authorization: d6aa2703655f4ba2af2a56202961ca86:dXbCgzYBMibj8ZwuQMd2NXr6rtvjZ8 ``` -------------------------------- ### Example cURL Request with Idempotency-Key Source: https://docs.checkbook.io/docs/api/idempotent-requests Include the `Idempotency-Key` header in your POST requests to ensure idempotency. This key should be a unique string for each operation. ```curl curl -X POST \ -H "Authorization: d6aa2703655f4ba2af2a56202961ca86:dXbCgzYBMibj8ZwuQMd2NXr6rtvjZ8" \ -H "Content-Type: application/json" \ -H "Idempotency-Key: employee-of-the-month-bonus-payment-id22" \ -d '{ "name": "Dwight Schrute", "recipient": "dwight@dundermifflin.com", "amount": 500.00, "description": "Employee of the Month Bonus" }' \ https://demo.checkbook.io/v3/check/digital ``` -------------------------------- ### Invoice Webhook Example Source: https://docs.checkbook.io/docs/api/webhooks This JSON object details a webhook event for an invoice status update. It contains the invoice ID and its current status. ```json { "status": "PAID", "id": "438fd2d78d7b4b579d6d0968633768f3", "type": "INVOICE" } ``` -------------------------------- ### Wallet Webhook Example Source: https://docs.checkbook.io/docs/api/webhooks This JSON object represents a webhook for incoming funds applied to a Checkbook wallet. It includes the wallet ID, transaction amount, and updated balance. ```json { "amount": 500.00, "balance": 1852.23, "id": "5b7946d45a7a4c7eb457cb7fe05250b3", "type": "PREFUND_ACCOUNT", "user_id": "bb100683cfa34ed9a17e42de91e1ea28", "description": "Dinner party Dundie Award refund" } ``` -------------------------------- ### Payment Webhook Example Source: https://docs.checkbook.io/docs/api/webhooks This JSON object represents a webhook notification triggered by a change in a payment's status. It includes the payment ID and its new status. ```json { "status": "IN_PROCESS", "id": "8b0ececd521c425db52cddf8d6930d54", "type": "CHECK", "deposit_option": "ACH" } ``` -------------------------------- ### Example Error Response JSON Source: https://docs.checkbook.io/docs/api/error-codes This JSON structure is returned when an API request fails, providing specific details about the error and potentially the problematic parameter. ```json { "error": "JSON body parameters are invalid.", "more_info": { "amount": "Must be greater than or equal to 0.01." } } ``` -------------------------------- ### Bank Account Webhook Example Source: https://docs.checkbook.io/docs/api/webhooks This JSON payload signifies a webhook notification for a bank account status change, such as verification completion. It includes the account ID and associated user ID. ```json { "status": "VERIFIED", "id": "1bc0ce5ce7cf447ca9f2dad1ee2a98ce", "type": "ACCOUNT", "user_id": "bb100683cfa34ed9a17e42de91e1ea28" } ``` -------------------------------- ### Integrate Deposit Widget for Bank Accounts Source: https://docs.checkbook.io/docs/products/widgets Use the Deposit widget to collect banking information for payment deposits. It integrates seamlessly into your software for a smooth user experience. ```html
``` -------------------------------- ### User Status Change Webhook Source: https://docs.checkbook.io/docs/api/webhooks A webhook is generated when a user's status changes, for example from 'PENDING' to 'VERIFIED'. The payload contains the updated status, user ID, and event type. ```json { "status": "VERIFIED", "id": "47eb74bc049d4990b53983bd976ec2e9", "type": "USER" } ``` -------------------------------- ### Onboard Bank Accounts with Add Account Widget Source: https://docs.checkbook.io/docs/products/widgets Use the Add Account widget to collect bank and card information directly within your application. This widget ensures a seamless user experience and leverages Checkbook's compliance solutions. ```html
``` -------------------------------- ### Access Token Response Source: https://docs.checkbook.io/docs/integrations/oauth This JSON object is returned upon successful authentication, containing the access token and other relevant details. ```json { "access_token": "Nv6XB8OQ3IfT77Y9IknZqe87bFiF6Z", "token_type": "Bearer", "expires_in": 15552000, "refresh_token": "v0sRbFofMnKB2GmMyGnoOsot1VbpDU", "scope": "check" } ``` -------------------------------- ### Wallet Webhook Source: https://docs.checkbook.io/docs/api/webhooks This webhook is generated when incoming funds are successfully applied to a Checkbook wallet. ```APIDOC ## Wallet Webhook ### Description This webhook is triggered when incoming funds are successfully applied to a Checkbook wallet. The `PREFUND_ACCOUNT` type is the best indicator that funds have been applied. ### Event Payload Example ```json { "amount": 500.00, "balance": 1852.23, "id": "5b7946d45a7a4c7eb457cb7fe05250b3", "type": "PREFUND_ACCOUNT", "user_id": "bb100683cfa34ed9a17e42de91e1ea28", "description": "Dinner party Dundie Award refund" } ``` ### Fields Key| Description ---|--- **amount** (number) - Required| Amount of the funds application. **balance** (number) - Required| New balance of the wallet, after the application of the funds. **id** (string) - Required| ID of the wallet. **type** (string) - Required| Type of webhook received. For this event, it will be `PREFUND_ACCOUNT`. **user_id** (string) - Required| ID of the user associated with the wallet. **description** (string) - Optional| Additional details associated with the payment. ``` -------------------------------- ### Authorization Request Source: https://docs.checkbook.io/docs/integrations/oauth Initiates the OAuth 2.0 flow by redirecting the user to Checkbook's authorization server. Requires client ID, redirect URI, response type, and scope. ```APIDOC ## Authorization Request ### Description Redirects the user's browser to the Checkbook authorization server to request authorization for your application. ### Method GET ### Endpoint `https://app.checkbook.io/oauth/authorize` ### Parameters #### Query Parameters - **client_id** (string) - Required - The client ID obtained during application registration. - **redirect_uri** (string) - Required - The URI where Checkbook will redirect the user after authorization. - **response_type** (string) - Required - Must be set to `code` for the Authorization Code Grant. - **scope** (string) - Required - Specifies the access level. Accepted values: `check` (multiple uses) or `single-use` (one use). ``` -------------------------------- ### Request Access Token with Authorization Code Source: https://docs.checkbook.io/docs/integrations/oauth This POST request exchanges the authorization code for an access token. Ensure all parameters, including client ID, secret, redirect URI, and scope, are correctly configured. ```http POST https://app.checkbook.io/web/v1/auth/oauth/token Content-Type: application/x-www-form-urlencoded client_id=313910200b834c009f62ae47feeee407&grant_type=authorization_code&scope=check&code=8hXMj1T9D36qL2uzb19s5OaNnkT6Vq&redirect_uri=https://dundermifflin.com&client_secret=dXbCgzYBMibj8ZwuQMd2NXr6rtvjZ8 ``` -------------------------------- ### HMAC Signature Verification Source: https://docs.checkbook.io/docs/api/webhooks This Java code demonstrates how to compute the HMAC-SHA256 signature for incoming webhook requests to verify their authenticity. ```APIDOC ## Compute HMAC Signature This Java code snippet shows how to compute the HMAC-SHA256 signature for a given payload and secret key. ### Method `computeSignature(String message, String secretKey)` ### Parameters - **message** (String) - The data to sign, typically the payload concatenated with the nonce. - **secretKey** (String) - Your webhook signing key. ### Returns - **String** - The computed HMAC-SHA256 signature in hexadecimal format. ### Example Usage ```java import javax.crypto.Mac; import javax.crypto.spec.SecretKeySpec; import java.nio.charset.StandardCharsets; public class HmacVerifier { public static String computeSignature(String message, String secretKey) throws Exception { Mac mac = Mac.getInstance("HmacSHA256"); String hex = ""; SecretKeySpec secretKeySpec = new SecretKeySpec(secretKey.getBytes(StandardCharsets.UTF_8), "HmacSHA256"); mac.init(secretKeySpec); byte[] hmacBytes = mac.doFinal(message.getBytes(StandardCharsets.UTF_8)); for (byte i : hmacBytes) { hex += String.format("%02x", i); } return hex; } public static void main(String[] args) { String webhookKey = "YOUR_WEBHOOK_KEY"; // Replace with your actual webhook key String nonce = "SOME_NONCE"; // The nonce received in the header String payload = "{ \"id\": \"some_id\" }"; // The webhook payload String dataWithNonce = payload + nonce; try { String signature = computeSignature(dataWithNonce, webhookKey); System.out.println("Computed Signature: " + signature); // Compare this signature with the 'signature' header value } catch (Exception e) { System.err.println("Error computing signature: " + e.getMessage()); } } } ``` #### Compare the hash Compare the generated hash with the `signature` value in the `signature` header. If they match, the request is authentic. ``` -------------------------------- ### Authorization Header Format Source: https://docs.checkbook.io/docs/integrations/oauth Use this format for the Authorization header when making requests to protected API endpoints. ```http Authorization: bearer {access_token} ``` -------------------------------- ### Obtain Access Token Source: https://docs.checkbook.io/docs/integrations/oauth The Checkbook authorization server issues an access_token upon successful credential verification. This token is used for subsequent API requests. ```APIDOC ## Obtain Access Token ### Description Upon successful verification of credentials, the Checkbook authorization server issues an `access_token` to the client application. This token, along with its type, expiration time, a `refresh_token`, and granted scopes, is returned in a JSON object. ### Response #### Success Response (200) - **access_token** (string) - The token used for authenticating API requests. - **token_type** (string) - The type of token, typically 'Bearer'. - **expires_in** (integer) - The time in seconds until the access token expires. - **refresh_token** (string) - A token used to obtain a new access token without re-authorization. - **scope** (string) - The scope of access granted by the token. ### Response Example ```json { "access_token": "Nv6XB8OQ3IfT77Y9IknZqe87bFiF6Z", "token_type": "Bearer", "expires_in": 15552000, "refresh_token": "v0sRbFofMnKB2GmMyGnoOsot1VbpDU", "scope": "check" } ``` ``` -------------------------------- ### Resource Access with Access Token Source: https://docs.checkbook.io/docs/integrations/oauth Client applications use the obtained access_token in the Authorization header to make authenticated requests to the Checkbook API. ```APIDOC ## Resource Access ### Description To access protected resources on the Checkbook API, the client application must include the `access_token` in the `Authorization` header of its HTTP requests. The header should be formatted as `Authorization: bearer {access_token}`. ### Request Example ``` Authorization: bearer Nv6XB8OQ3IfT77Y9IknZqe87bFiF6Z ``` ``` -------------------------------- ### Standard CSV Template for Bulk Payments Source: https://docs.checkbook.io/docs/products/payments/bulk Use this CSV format for sending single-recipient payments in bulk. Ensure columns match exactly: Name, Address, Amount, Check Number (optional), and Description. ```csv Name,Address,Amount,Check Number,Description Dwight Schrute,dwight@dundermifflin.com,500.00,1001,Employee of the Month Bonus Schrute Farms,"Rural Rt. 6, Honesdale PA 18431",750,1002,Monthly beet shipment Kevin Malone,kevin@dundermifflin.com,15.99,1003,Chili delivery ``` -------------------------------- ### User Status Change Webhook Source: https://docs.checkbook.io/docs/api/webhooks A webhook is generated when a user's status changes, such as transitioning from 'PENDING' to 'VERIFIED'. ```APIDOC ## User Status Change Webhook ### Description This webhook is triggered when a user's status is updated. The payload includes the new status, the ID of the user, and the type of webhook. ### Event USER_STATUS_CHANGED ### Payload Structure ```json { "status": "VERIFIED", "id": "47eb74bc049d4990b53983bd976ec2e9", "type": "USER" } ``` ### Fields - **status** (string) - The new status of the user. Possible values: `UNVERIFIED`, `PENDING`, `VERIFIED`, `SUSPENDED`, `CLOSED`. - **id** (string) - The unique identifier for the user. - **type** (string) - Indicates the type of webhook received, which is `USER` for this event. ``` -------------------------------- ### Payment Webhook Source: https://docs.checkbook.io/docs/api/webhooks This webhook is generated when the status of a payment changes. It provides details about the payment's current status and ID. ```APIDOC ## Payment Webhook ### Description This webhook is triggered when a payment's status is updated. For example, when a payment transitions from `UNPAID` to `IN_PROCESS`. ### Event Payload Example ```json { "status": "IN_PROCESS", "id": "8b0ececd521c425db52cddf8d6930d54", "type": "CHECK", "deposit_option": "ACH" } ``` ### Fields Key| Description ---|--- **status** (string) - Required| Status of the payment — possible values are: `IN_PROCESS`, `PAID`, `FAILED`, `PRINTED`, `VOID`, `EXPIRED`, `MAILED`, `REFUNDED` **id** (string) - Required| ID of the payment **type** (string) - Required| Type of webhook received. For this event, it will be `CHECK`. **deposit_option** (string) - Optional| Payment rail used to receive the payment — possible values are: `ACH`, `MAIL`, `PRINT`, `INSTANT`, `RTP`, `WALLET`, `PAYPAL`, `VENMO`, `INTERAC`, `WIRE`, `SWIFT` **Note** A `PAID` status indicates the funds have been sent to the recipient. Settlement times depend on the payment rail. ``` -------------------------------- ### Display Virtual Card Information Source: https://docs.checkbook.io/docs/products/widgets Utilize the Virtual Card widget to securely display card details to recipients. This leverages Checkbook's PCI DSS compliance for enhanced security. ```html
``` -------------------------------- ### Webhook Signature Verification in Go Source: https://docs.checkbook.io/docs/api/webhooks Verify the authenticity of incoming webhook requests using HMAC-SHA256 in Go. Ensure the request originates from Checkbook and has not been tampered with. ```go import ( "crypto/hmac" "crypto/sha256" "encoding/hex" ) payload := "{ \"id\": \"de7ef9b5ed7945368cd9d5c84c13d86b\" }1243549809" webhookKey := []byte("335b5728e25b582e88995fce207bff380") h := hmac.New(sha256.New, webhookKey) h.Write([]byte(payload)) signature := hex.EncodeToString(h.Sum(nil)) ``` -------------------------------- ### Bank Account Webhook Source: https://docs.checkbook.io/docs/api/webhooks This webhook is generated when the status of a bank account changes, such as after successful microdeposit verification. ```APIDOC ## Bank Account Webhook ### Description This webhook is triggered when the status of a bank account is updated. For example, when an account status changes from `DEPOSIT_ONLY` to `VERIFIED` after successful microdeposit verification. ### Event Payload Example ```json { "status": "VERIFIED", "id": "1bc0ce5ce7cf447ca9f2dad1ee2a98ce", "type": "ACCOUNT", "user_id": "bb100683cfa34ed9a17e42de91e1ea28" } ``` ### Fields Key| Description ---|--- **status** (string) - Required| Status of the account — possible values are: `VERIFIED`, `PENDING`, `INACTIVE`, `DEPOSIT_ONLY` **id** (string) - Required| ID of the account **type** (string) - Required| Type of webhook received. For this event, it will be `ACCOUNT`. **user_id** (string) - Required| ID of the user associated with the account. ``` -------------------------------- ### Multi-party CSV Template for Bulk Payments Source: https://docs.checkbook.io/docs/products/payments/bulk This CSV format supports sending payments to multiple recipients per transaction. Include columns for Recipient 1 Name, Recipient 1 Address, Recipient 2 Name, Recipient 2 Address, Amount, Check Number (optional), and Description. ```csv Name,Address,Name,Address,Amount,Check Number,Description Dwight Schrute,dwight@dundermifflin.com,Angela Martin,angela@dundermifflin.com,1234.56,1001,Party Planning Committee ```