getWebhookPublicKey

curl --request GET \
  --url https://sandbox.rollfi.xyz/webhooks/getWebhookPublicKey \
  --header 'Authorization: Basic <encoded-value>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "method": "getWebhookPublicKey"
}
'

{
  "webhookPublicKey": [
    {
      "publicKey": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx7X5aL03/0SX2yRkaQkY\no8n+wEGY0og5n9INWbDh/8Twv7dpWiYYhxTHOewYq4RNNu85vOeDP5I10k7NO0oU\nZHMpXtn03KL771bPo8TIhEmGkjSkCicf3czFpJ//MVS2wZbvy0Lq0lor1Ubx35Q5\n2OViygrfk9dC6yRkN64ggtKN+jTzq2vi4k7nNg9B6fmiC6N2FdY+g3xefTmtP47+\nrg6e/NjQd+xQg/KhLnCYdfTowTlGo4Uo5n6jOdW8Q21qWfkBg1+E2tSVjOicuhhF\n9YPHv9uln8T79hIMd3sw/L/Hj0VEhMzvVXjGt6XE4rDiiw73F/5HNpVWoYnAfno2\n8wIDAQAB\n-----END PUBLIC KEY-----",
      "alg": "RS256",
      "kid": "EF4F6093-3DFB-4BFB-AEF4-F45BAB72FA26",
      "status": "Active"
    },
    {
      "publicKey": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAglTOVKUOsu1I9V4zOxN1\ncPQSiFtcqI/J9pqNoUWYTbcSrbIIxUBswyEo8ALezg5uP9+a3OoeBatCLfvrocav\njf0R67qFnkmBfSafgqaY4f23oEFSPcBnWq/U5ULIA15nvq/HO2bXuai/Xw8Cj05/\n2FXPTIPY6TJK1Lzzbec5H9XvTTb49cYQ8W2ZMrJsqIxa87jM6bxFYLobBpcWYgn1\nEAa7lU7jMHWD7C54M+lb/UJII3ScnhTh1s4o/StOWJ19bdx9IZq3bNzP1JFQRUs1\neB1OaFHyX+GqYxxeoSJmRqwlZlq7EgCVHI+l7XaHHUxMN6NSo+UC+bCH7UkB3OBt\nrQIDAQAB\n-----END PUBLIC KEY-----",
      "alg": "RS256",
      "kid": "5AAFD8C3-5323-4513-B202-1A2EB066EB26",
      "status": "Retiring",
      "verifyUntil": "2026-06-19T02:42:32.467Z"
    }
  ]
}

Webhooks

getWebhookPublicKey

The getWebhookPublicKey API retrieves the Active public key to verify incoming webhook signatures

What it does:

Returns the Active public key to verify the signature in a webhook header
Returns a Retiring key after rotation so webhooks in transit can be verified

Note:

Keys should be stored to prevent unecessary calls to this endpoint
Keys are identified by their unique keyID (kid)
This endpoint should only be used when a webhook is recieved with a kid you haven’t previously seen

GET

webhooks

getWebhookPublicKey

curl --request GET \
  --url https://sandbox.rollfi.xyz/webhooks/getWebhookPublicKey \
  --header 'Authorization: Basic <encoded-value>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "method": "getWebhookPublicKey"
}
'

{
  "webhookPublicKey": [
    {
      "publicKey": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx7X5aL03/0SX2yRkaQkY\no8n+wEGY0og5n9INWbDh/8Twv7dpWiYYhxTHOewYq4RNNu85vOeDP5I10k7NO0oU\nZHMpXtn03KL771bPo8TIhEmGkjSkCicf3czFpJ//MVS2wZbvy0Lq0lor1Ubx35Q5\n2OViygrfk9dC6yRkN64ggtKN+jTzq2vi4k7nNg9B6fmiC6N2FdY+g3xefTmtP47+\nrg6e/NjQd+xQg/KhLnCYdfTowTlGo4Uo5n6jOdW8Q21qWfkBg1+E2tSVjOicuhhF\n9YPHv9uln8T79hIMd3sw/L/Hj0VEhMzvVXjGt6XE4rDiiw73F/5HNpVWoYnAfno2\n8wIDAQAB\n-----END PUBLIC KEY-----",
      "alg": "RS256",
      "kid": "EF4F6093-3DFB-4BFB-AEF4-F45BAB72FA26",
      "status": "Active"
    },
    {
      "publicKey": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAglTOVKUOsu1I9V4zOxN1\ncPQSiFtcqI/J9pqNoUWYTbcSrbIIxUBswyEo8ALezg5uP9+a3OoeBatCLfvrocav\njf0R67qFnkmBfSafgqaY4f23oEFSPcBnWq/U5ULIA15nvq/HO2bXuai/Xw8Cj05/\n2FXPTIPY6TJK1Lzzbec5H9XvTTb49cYQ8W2ZMrJsqIxa87jM6bxFYLobBpcWYgn1\nEAa7lU7jMHWD7C54M+lb/UJII3ScnhTh1s4o/StOWJ19bdx9IZq3bNzP1JFQRUs1\neB1OaFHyX+GqYxxeoSJmRqwlZlq7EgCVHI+l7XaHHUxMN6NSo+UC+bCH7UkB3OBt\nrQIDAQAB\n-----END PUBLIC KEY-----",
      "alg": "RS256",
      "kid": "5AAFD8C3-5323-4513-B202-1A2EB066EB26",
      "status": "Retiring",
      "verifyUntil": "2026-06-19T02:42:32.467Z"
    }
  ]
}

Authorizations

Authorization

string

header

required

Basic authentication header of the form Basic <encoded-value>, where <encoded-value> is the base64-encoded string username:password.

Body

application/json

method

string

required

Response

200 - application/json

webhookPublicKey

object[]

required

Show child attributes

getCashRequirementsReport Company