Validating Payout Notification

In order to increase security aspect, there are several ways to ensure notification received from Iris.

Signature Key

signature = OpenSSL::Digest::SHA512.new(payload + merchant_key).to_s

We add signature key information in our notification. The purpose of this signature key is to validate whether the notification is originated from Midtrans or not. Should the notification is not genuine, merchants can disregard the notification. We send the signature key via Header Iris-Signature.


Challenge Response

An additional mechanism we provide to verify the content and the origin of the notification is to challenge. This can be achieved by calling the Payout Details API.