Yatta Checkout User Guide
Webhooks
Setup
To enable webhooks for your product, drop us a short email containing a list of event types you want to receive and a URL for your live system. In the future, you'll be able to set these URLs directly in the portal.
If the specified endpoint cannot be reached or the request is not acknowledged with a 200 code, the request will be retried hourly for 24h and afterwards once per day. If the webhook cannot be executed for 30 days, it will be dropped.
Verification
To verify that the message was actually sent by Yatta, every request uses the Bearer authentication scheme with a JWT token. These tokens will be signed with an RSA key, and the selected key is available on https://api.yatta.de/checkout/v1/jwks
.
After decoding the JWT token into its parts—header, payload and signature—the payload will contain the following example data:
sub (subject) |
YattaCheckoutCallback |
aud (audience) |
Unique for each Vendor. |
iss (issuer) |
yatta.de |
iat (issued at) |
Unix timestamp at which the JWT was issued. |
hash-alg |
Currently only SHA3-256 is supported as algorithm for the hash. |
hash |
Hash sum over the request body. |
Make sure to verify the token's signature (for fast and safe results, use a library of your choice) and also check that the audience field equals your known Vendor ID. Last but not least, you can verify the hash of the full body to ensure the data you received has not been tampered with.
Only acknowledge the request with a 200 return code if verification is successful.
Structure
Each webhook event payload contains the following common fields:
event |
The type of event. |
eventVersion |
The version of the event. |
bookingId |
A unique identifier for user purchase. |
Account
Email address of the purchasing Yatta Account. |
|
linkedAccount 🠊 accountId |
Can be your linked Account ID (if specified) or a generated one. |
Product
productIdentifier |
Contains the ID and environment of your product. |
productName |
Added for readability of this message. |
licenseTypeId |
A unique identifier of the purchased license type. |
kind 🠊 type |
Can be ONE_TIME_PURCHASE or SUBSCRIPTION. |
🠊 term |
Runtime constraint for one-time purchases, if defined for this license type. |
Transaction
For event types where a payment is executed or expected (e.g. PURCHASE
, RENEWAL
and BOOKING_CREATED
), the event payload contains following common fields in addition to event specific fields in transaction object.
txId |
A unique identifier for the transaction. |
customMetadata |
Key-value pair passed through metadata REST API during purchase process. |
groupContext 🠊 id 🠊 name |
The group context passed through IAM context through metadata REST API during purchase process. |
additions |
Array of objects
Additional data required for purchase of a particular product. |
Price
Similar to Transaction object, Price object is common in events where a payment is executed or expected.
currency |
Selected currency for this transaction. |
netValue |
Amount without VAT (if applicable). |
total |
Gross value of the transaction. |
quantity |
Amount of licenses for the selected product. |
userCountryISO2Lookup |
Selected country for the VAT calculation. |
vatReversed |
True if reversed VAT is active for this transaction. |
vatPercentage |
Applied VAT rate. |
vatValue |
Added VAT amount. |
For additional fields specific to each event type, see the Event Types section below.
Event types
Triggered when a user completes a purchase — either a one-time product or a subscription. |
|
Triggered when a user cancels an active subscription. |
|
Triggered when a user re-subscribes to a previously canceled but still active subscription. |
|
Triggered when a subscription is extended for the next billing period. |
|
Triggered when a user books a subscription for a future date. |
|
Triggered when a user cancels a subscription scheduled to start in the future. |
Purchase
The event payload contains following fields in addition to common fields:
Transaction
purchaseDate |
The purchase's timestamp. |
customerInvoiceNo |
A continuous prefixed number of the issued invoice |
Keys
A list of keys in JWT format, size is equal to the number of licenses. In case you offer variable quantities for your product, the keys
attribute will contain a list of keys differentiating multiple sub-keys, which are valid JWT. They can be handed out to customers to identify their unique license key and contain the timespan in which they are valid.
Keys are similar in content to the overall message, notable differences are:
Subject of the token is the
accountId.
Additional sequence number (
seq
).Detail objects (account, transaction and product) are stringified.
Cancellation
The event payload contains following fields in addition to common fields:
terminationDate |
Date in ISO 8601 format when the license will be terminated. |
reason |
Reason of cancellation. It will be CUSTOMER_REQUEST if user requested to cancel the subscription. |
Reactivation
Renewal
The event payload contains following fields in addition to common fields:
Transaction
renewalDate |
The renewal's timestamp. |
customerInvoiceNo |
A continuous prefixed number of the issued invoice |
Keys
A list of keys in JWT format, size is equal to the number of licenses. In case you offer variable quantities for your product, the keys
attribute will contain a list of keys differentiating multiple sub-keys, which are valid JWT. They can be handed out to customers to identify their unique license key and contain the timespan in which they are valid.
Keys are similar in content to the overall message, notable differences are:
Subject of the token is the
accountId.
Additional sequence number (
seq
).Detail objects (account, transaction and product) are stringified.
Booking Created
Booking Canceled
The event payload contains following fields in addition to common fields:
cancellationDate |
Date in ISO 8601 format when the user canceled the booked subscription. |
reason |
Reason of cancellation. It will be CUSTOMER_REQUEST if user requested to cancel the subscription. |