Webhooks
Webhooks are where BIN monitoring breach notifications get sent
Last updated
Webhooks are where BIN monitoring breach notifications get sent
Last updated
To use the BIN Monitoring Service, it is necessary to setup a Webhook with Enzoic. You will need to specify a URL on your end that will be called with a POST whenever a notification is made. This can be done via API using the Webhooks API or by contacting Enzoic Support. You will also receive a Webhook Key and Webhook Secret which will be passed to your endpoint via basic HTTP authentication.
NOTE: Webhook notifications will be sent from IP address: 52.42.159.171. You may need to update your firewall rules accordingly.
The content of the POST body that will be sent to your webhook for new Breach Monitoring notifications will be a JSON object with the members specified in the table below.
Additional JSON keys may be added to this payload as we make enhancements to the service, so you must implement JSON parsing for the webhook in a way that will not fail if additional data members are present.
Member | Type | Description |
---|---|---|
An example POST body:
For security reasons, you should authenticate calls to your Webhook endpoint. To facilitate this, you will be provided with a Webhook Key and a Webhook Secret when you setup your Webhook with Enzoic. These will be passed as a standard basic authentication HTTP with the Webhook Key as the username and the Webhook Secret as the password. As per the standard, the authentication header passed to your endpoint is constructed as follows:
Once you have your webhook up and publicly accessible, you can verify all is working using the Webhook Test REST Call using the type=binAlert query string parameter. This will cause a BIN Monitoring Notification POST containing test data to be made to your URL.
monitoredBin
string
The BIN number being monitored
date
date
The date/time (in GMT) that the breach/exposure was found
exposureID
string
The ID of the Exposure. This can subsequently be used with the GET Exposure Details API to retrieve additional information about the Exposure.
recoveredCreditCardNumber
string
The credit card number matching your BIN which was found.
rawMatchSource
string
A snippet of text from the breach source showing the content around where the matches were found. This can be used to assess what additional information may have been revealed (e.g. CVV, Exp Date, etc.)