Checkout NAS Disputes Webhook

Checkout.com NAS Platform

Below are the instructions for merchants using checkout.com's NAS platform. You can find Checkout.com's official NAS webhook guide here.

Pre-Step: Map the Checkout.com id in the Validation API

To ensure that the checkout.com chargeback is matched with the correct original order, please map the Checkout.com Request Payment id (the value that starts with pay_ ) that is generated at the payment authorization, to the gatewayTransactionId field in the Order Validation API. For more information on where to find and retrieve the checkout.com Id, please see checkout.com's Request Card Payment Documentation.

The JSON below shows example mapping of the gatewayTransactionId within the creditCard object of the Validation API's payment array.

1. Create Secret keys

Log into your Checkout.com account and go to the "Developer" section from your homepage. In this section, click on the Create Keys button to generate unique keys for your webhook. You should receive both a Public key and a Secret key value.

2. Create a Notification

Click on the Notifications tab of your main Dashboard under "Settings"

3. Select New Notification

On the Notifications page, select the "New Notification" option and provide a descriptive name for the webhook in the "Name" field (i.e. "Disputes for Forter")

4. Select Events

In the events selection, go to the Disputes box and click on the "Select all Disputes" checkbox.

5. Add your Forter and Checkout keys

Webhook URL

• In the URL field, add your Forter endpoint URL: https://api.forter-secure.com/webhooks/checkoutcom/
  Your site Id can be found by going directly to the Forter portal's General Settings page and toggling to the Production environment.

Note if you want to test in sandbox or non-production environments, please navigate to your sandbox portal environment to retrieve your Forter credentials and use a corresponding Test account from Checkout.com

Authorization Header Key

• In the Authoriation header Key field, copy and paste your Forter API Secret key which can also be found on the Forter portal General Settings page.

Signature Key

• In the Signature Key section copy and paste the Checkout Secret key you generated in the Developer section in Step 1.

6. Upload your secret key

Copy and paste the same checkout.com secret key you set as your signature key to a text file named "JCBR-merchantName-Checkout.txt" and upload the text file to your Forter S3 subfolder. Instructions for accessing your S3 subfolder can be found at the bottom of this page. Forter will encrypt and add this key to a secure database in order to further authenticate the notifications from the webhook.

7. Select Entities

The webhook will send notifications for ALL of your entities by default, but if you only want to send Forter notifications for a specific store/or entity, you can check these in the "Entities" section

8. Finalize your new webhook

Click on the Create notification button at the bottom of the page to finalize the new dispute notification webhook. This will publish your Notification webhook and allow Forter to receive dynamic dispute updates going forward.

All set!
If you have any questions, please contact your Forter Onboarding team or dedicated Forter CSM at [email protected].

Testing the Checkout Dispute Webhook

To simulate a chargeback with the checkout.com webhook, please reference checkout.com's full list of test cards and scenarios here.

Multiple Checkout Accounts for a single Forter site

Currently, Forter only supports 1 checkout account to 1 portal site. This means that if you have multiple checkout accounts pointing to a single portal site, you will only be able to set up a dispute webhook for one account. Remaining accounts will need to provide chargebacks via an alternate method such as the Forter claims API, a csv file, or manual update in the Forter portal.