getWebhookPublicKey
curl --request GET \
--url https://sandbox.rollfi.xyz/webhooks/getWebhookPublicKey \
--header 'Authorization: Basic <encoded-value>' \
--header 'Content-Type: application/json' \
--data '
{
"method": "getWebhookPublicKey"
}
'import requests
url = "https://sandbox.rollfi.xyz/webhooks/getWebhookPublicKey"
payload = { "method": "getWebhookPublicKey" }
headers = {
"Authorization": "Basic <encoded-value>",
"Content-Type": "application/json"
}
response = requests.get(url, json=payload, headers=headers)
print(response.text)const options = {
method: 'GET',
headers: {Authorization: 'Basic <encoded-value>', 'Content-Type': 'application/json'},
body: JSON.stringify({method: 'getWebhookPublicKey'})
};
fetch('https://sandbox.rollfi.xyz/webhooks/getWebhookPublicKey', options)
.then(res => res.json())
.then(res => console.log(res))
.catch(err => console.error(err));<?php
$curl = curl_init();
curl_setopt_array($curl, [
CURLOPT_URL => "https://sandbox.rollfi.xyz/webhooks/getWebhookPublicKey",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 30,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "GET",
CURLOPT_POSTFIELDS => json_encode([
'method' => 'getWebhookPublicKey'
]),
CURLOPT_HTTPHEADER => [
"Authorization: Basic <encoded-value>",
"Content-Type: application/json"
],
]);
$response = curl_exec($curl);
$err = curl_error($curl);
curl_close($curl);
if ($err) {
echo "cURL Error #:" . $err;
} else {
echo $response;
}package main
import (
"fmt"
"strings"
"net/http"
"io"
)
func main() {
url := "https://sandbox.rollfi.xyz/webhooks/getWebhookPublicKey"
payload := strings.NewReader("{\n \"method\": \"getWebhookPublicKey\"\n}")
req, _ := http.NewRequest("GET", url, payload)
req.Header.Add("Authorization", "Basic <encoded-value>")
req.Header.Add("Content-Type", "application/json")
res, _ := http.DefaultClient.Do(req)
defer res.Body.Close()
body, _ := io.ReadAll(res.Body)
fmt.Println(string(body))
}HttpResponse<String> response = Unirest.get("https://sandbox.rollfi.xyz/webhooks/getWebhookPublicKey")
.header("Authorization", "Basic <encoded-value>")
.header("Content-Type", "application/json")
.body("{\n \"method\": \"getWebhookPublicKey\"\n}")
.asString();require 'uri'
require 'net/http'
url = URI("https://sandbox.rollfi.xyz/webhooks/getWebhookPublicKey")
http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true
request = Net::HTTP::Get.new(url)
request["Authorization"] = 'Basic <encoded-value>'
request["Content-Type"] = 'application/json'
request.body = "{\n \"method\": \"getWebhookPublicKey\"\n}"
response = http.request(request)
puts response.read_body{
"webhookPublicKey": [
{
"publicKey": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx7X5aL03/0SX2yRkaQkY\no8n+wEGY0og5n9INWbDh/8Twv7dpWiYYhxTHOewYq4RNNu85vOeDP5I10k7NO0oU\nZHMpXtn03KL771bPo8TIhEmGkjSkCicf3czFpJ//MVS2wZbvy0Lq0lor1Ubx35Q5\n2OViygrfk9dC6yRkN64ggtKN+jTzq2vi4k7nNg9B6fmiC6N2FdY+g3xefTmtP47+\nrg6e/NjQd+xQg/KhLnCYdfTowTlGo4Uo5n6jOdW8Q21qWfkBg1+E2tSVjOicuhhF\n9YPHv9uln8T79hIMd3sw/L/Hj0VEhMzvVXjGt6XE4rDiiw73F/5HNpVWoYnAfno2\n8wIDAQAB\n-----END PUBLIC KEY-----",
"alg": "RS256",
"kid": "EF4F6093-3DFB-4BFB-AEF4-F45BAB72FA26",
"status": "Active"
},
{
"publicKey": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAglTOVKUOsu1I9V4zOxN1\ncPQSiFtcqI/J9pqNoUWYTbcSrbIIxUBswyEo8ALezg5uP9+a3OoeBatCLfvrocav\njf0R67qFnkmBfSafgqaY4f23oEFSPcBnWq/U5ULIA15nvq/HO2bXuai/Xw8Cj05/\n2FXPTIPY6TJK1Lzzbec5H9XvTTb49cYQ8W2ZMrJsqIxa87jM6bxFYLobBpcWYgn1\nEAa7lU7jMHWD7C54M+lb/UJII3ScnhTh1s4o/StOWJ19bdx9IZq3bNzP1JFQRUs1\neB1OaFHyX+GqYxxeoSJmRqwlZlq7EgCVHI+l7XaHHUxMN6NSo+UC+bCH7UkB3OBt\nrQIDAQAB\n-----END PUBLIC KEY-----",
"alg": "RS256",
"kid": "5AAFD8C3-5323-4513-B202-1A2EB066EB26",
"status": "Retiring",
"verifyUntil": "2026-06-19T02:42:32.467Z"
}
]
}Webhooks
getWebhookPublicKey
The getWebhookPublicKey API retrieves the Active public key to verify incoming webhook signatures
What it does:
- Returns the
Activepublic key to verify the signature in a webhook header - Returns a
Retiringkey after rotation so webhooks in transit can be verified
Note:
- Keys should be stored to prevent unecessary calls to this endpoint
- Keys are identified by their unique keyID (
kid) - This endpoint should only be used when a webhook is recieved with a
kidyou haven’t previously seen
GET
/
webhooks
/
getWebhookPublicKey
getWebhookPublicKey
curl --request GET \
--url https://sandbox.rollfi.xyz/webhooks/getWebhookPublicKey \
--header 'Authorization: Basic <encoded-value>' \
--header 'Content-Type: application/json' \
--data '
{
"method": "getWebhookPublicKey"
}
'import requests
url = "https://sandbox.rollfi.xyz/webhooks/getWebhookPublicKey"
payload = { "method": "getWebhookPublicKey" }
headers = {
"Authorization": "Basic <encoded-value>",
"Content-Type": "application/json"
}
response = requests.get(url, json=payload, headers=headers)
print(response.text)const options = {
method: 'GET',
headers: {Authorization: 'Basic <encoded-value>', 'Content-Type': 'application/json'},
body: JSON.stringify({method: 'getWebhookPublicKey'})
};
fetch('https://sandbox.rollfi.xyz/webhooks/getWebhookPublicKey', options)
.then(res => res.json())
.then(res => console.log(res))
.catch(err => console.error(err));<?php
$curl = curl_init();
curl_setopt_array($curl, [
CURLOPT_URL => "https://sandbox.rollfi.xyz/webhooks/getWebhookPublicKey",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 30,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "GET",
CURLOPT_POSTFIELDS => json_encode([
'method' => 'getWebhookPublicKey'
]),
CURLOPT_HTTPHEADER => [
"Authorization: Basic <encoded-value>",
"Content-Type: application/json"
],
]);
$response = curl_exec($curl);
$err = curl_error($curl);
curl_close($curl);
if ($err) {
echo "cURL Error #:" . $err;
} else {
echo $response;
}package main
import (
"fmt"
"strings"
"net/http"
"io"
)
func main() {
url := "https://sandbox.rollfi.xyz/webhooks/getWebhookPublicKey"
payload := strings.NewReader("{\n \"method\": \"getWebhookPublicKey\"\n}")
req, _ := http.NewRequest("GET", url, payload)
req.Header.Add("Authorization", "Basic <encoded-value>")
req.Header.Add("Content-Type", "application/json")
res, _ := http.DefaultClient.Do(req)
defer res.Body.Close()
body, _ := io.ReadAll(res.Body)
fmt.Println(string(body))
}HttpResponse<String> response = Unirest.get("https://sandbox.rollfi.xyz/webhooks/getWebhookPublicKey")
.header("Authorization", "Basic <encoded-value>")
.header("Content-Type", "application/json")
.body("{\n \"method\": \"getWebhookPublicKey\"\n}")
.asString();require 'uri'
require 'net/http'
url = URI("https://sandbox.rollfi.xyz/webhooks/getWebhookPublicKey")
http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true
request = Net::HTTP::Get.new(url)
request["Authorization"] = 'Basic <encoded-value>'
request["Content-Type"] = 'application/json'
request.body = "{\n \"method\": \"getWebhookPublicKey\"\n}"
response = http.request(request)
puts response.read_body{
"webhookPublicKey": [
{
"publicKey": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx7X5aL03/0SX2yRkaQkY\no8n+wEGY0og5n9INWbDh/8Twv7dpWiYYhxTHOewYq4RNNu85vOeDP5I10k7NO0oU\nZHMpXtn03KL771bPo8TIhEmGkjSkCicf3czFpJ//MVS2wZbvy0Lq0lor1Ubx35Q5\n2OViygrfk9dC6yRkN64ggtKN+jTzq2vi4k7nNg9B6fmiC6N2FdY+g3xefTmtP47+\nrg6e/NjQd+xQg/KhLnCYdfTowTlGo4Uo5n6jOdW8Q21qWfkBg1+E2tSVjOicuhhF\n9YPHv9uln8T79hIMd3sw/L/Hj0VEhMzvVXjGt6XE4rDiiw73F/5HNpVWoYnAfno2\n8wIDAQAB\n-----END PUBLIC KEY-----",
"alg": "RS256",
"kid": "EF4F6093-3DFB-4BFB-AEF4-F45BAB72FA26",
"status": "Active"
},
{
"publicKey": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAglTOVKUOsu1I9V4zOxN1\ncPQSiFtcqI/J9pqNoUWYTbcSrbIIxUBswyEo8ALezg5uP9+a3OoeBatCLfvrocav\njf0R67qFnkmBfSafgqaY4f23oEFSPcBnWq/U5ULIA15nvq/HO2bXuai/Xw8Cj05/\n2FXPTIPY6TJK1Lzzbec5H9XvTTb49cYQ8W2ZMrJsqIxa87jM6bxFYLobBpcWYgn1\nEAa7lU7jMHWD7C54M+lb/UJII3ScnhTh1s4o/StOWJ19bdx9IZq3bNzP1JFQRUs1\neB1OaFHyX+GqYxxeoSJmRqwlZlq7EgCVHI+l7XaHHUxMN6NSo+UC+bCH7UkB3OBt\nrQIDAQAB\n-----END PUBLIC KEY-----",
"alg": "RS256",
"kid": "5AAFD8C3-5323-4513-B202-1A2EB066EB26",
"status": "Retiring",
"verifyUntil": "2026-06-19T02:42:32.467Z"
}
]
}Authorizations
Basic authentication header of the form Basic <encoded-value>, where <encoded-value> is the base64-encoded string username:password.
Body
application/json
Response
200 - application/json
Show child attributes
Show child attributes
⌘I
