It is important to verify that events originate from Monnify to avoid delivering value based on a counterfeit event. Whenever Monnify sends a notification, a hash of the request body is computed and set in the request header with the key 'monnify-signature. We expect you to try to recreate the hash and only accept or honor the notification if your computed hash matches what’s sent by Monnify.
To calculate the hash value, you will have to hash the whole object with your unique client secret as key. This allows you to pass data to be hashed as a string alongside the client secret.
It’s highly recommended you check our Best Practices when processing webhooks
Guide on computing transaction Hash
Step 1: First of all you’d need to know your client secret key, this can be found at the developers section of your dashboard.
Step 2: When computing the transaction hash, you’d need to be able to capture the whole body of the request as an object because you’d need your client key and the whole object of the request body to verify the hash key received.
The hashing algorithm to be used is SHA-512. There should be no spaces in generating the hash value.
Do a SHA-512 encoding of your client secret key and object of the request body i.e SHA-512 (client secret key + object of request body).