You will need to provide a webhook endpoint to Zeta, where Zeta will send the event notification against the subscribed events. Zeta will register the webhook endpoint and share a secret token with you to validate the incoming webhook messages. Using Fusion APIs, you can subscribe to an event. See Configure Webhooks to find more details on webhook setup.

With every subscribed events, Zeta triggers an HTTP POST call and sends an X-Zeta-HMAC HTTP Header along with the event message. This header is used to validate the incoming messages coming from the trusted source.

Zeta sends an X-Zeta-HMAC HTTP Header in the event payload. To verify that an incoming message comes from Zeta, generate a HMAC signature and compare with X-Zeta-HMAC. See Configure Webhooks to find more details on inbound webhook validation.

Zeta sends notifications against the subscribed events to your webhook endpoint as they occur. Hence, we don’t restrict the number of notifications targeted to your application.

Zeta uses a range of IP addresses that you may consider to white-list. Contact Zeta Support to know the complete list of IPs.

Yes, we also provide a back office Notification Center that allows you to configure webhook communication and also create policies related to event-based notifications based on your business requirements. Contact Zeta Sales for more info.

No notification is expected to be delivered for unauthenticated transactions. Any rouge individual on internet can enter the card details and attempt a transaction. Such transactions are not attributed to any individual, and thus nobody but the bank is notified.