Guides
Client PortalWebsite

Troubleshooting

Suggest Edits

I am not receiving notifications

Possible causes:

  • The subscription is deactivated - use the GET /api/v1/notificationselfservice/subscription endpoint to look up the status of the subscription
  • Your firewall settings do not allow notifications, or you have not whitelisted BC Connect IPs. See Setting up Webhooks for the full list of IPs that must be whitelisted
  • There is a typo in the URL - use the GET /api/v1/notificationselfservice/subscription endpoint to look up the submitted URL
  • The URL is not secured with a valid certificate
  • Your receiver is not setup to receive a binary stream
  • Your endpoint does not respond with an HTTP success status 2xx to indicate successful receipt of the notification. In this scenario you will receive notifications, but we will stop sending after 10 retries. Read more about our retry strategy here

I receive notifications but the data doesn't look right

Possible causes:

  • Ensure there are no copy/paste errors. The checksum should be 44 characters, the Authentication tag 24 characters and the Nonce 16 characters
  • You need to use the pre-shared encryption key, authentication tag and nonce to decrypt the payload
  • If you receive notifications without body this can be due to firewall settings
  • Something might be wrong with your decryption code. Here are examples in Java and .NET of how the message can be decrypted
package decryptWebhooks;
import java.io.IOException;
import java.nio.ByteBuffer;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.Base64;

import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;


public class decryptWebhooks {
            
    private static final String ALGORITHM = "AES";
    private static final Charset DEFAULT_CHARSET = StandardCharsets.UTF_8;
    private static final String ALGORITHM_CIPHER_TYPE = "AES/GCM/NoPadding";

    private static Cipher initCipher(byte[] key, byte[] iv, int tagLength, int mode) throws Exception {
        SecretKeySpec secretKeySpec = new SecretKeySpec(key, ALGORITHM);
        GCMParameterSpec gcmParameterSpec = new GCMParameterSpec(tagLength, iv);
        Cipher cipher = Cipher.getInstance(ALGORITHM_CIPHER_TYPE);
        cipher.init(mode, secretKeySpec, gcmParameterSpec);
        return cipher;
    }

    public static byte[] decrypt(byte[] data, byte[] key, byte[] iv, int tagLength) throws Exception {
        Cipher cipher = initCipher(key, iv, tagLength, Cipher.DECRYPT_MODE);
        return cipher.doFinal(data);
    }
  
    public static void main(String[] args) throws Exception {

      /**  File with the encrypted payload */                  
      Path path = Paths.get("C:/Temp/070ed771-cb54-4a10-afa1-fb8a0a90a4ad_encrypted.txt");

            try {
                    byte[] dataBytes = Files.readAllBytes(path);
                        
                    String key = " < your passkey (3e1.....)>;  /** The pre-shared key */
                    String base64Iv = "HM+TQfRDe/cnObs+"; /** The Nonce from header */
                    String base64Tag = "2iWHz7ZmgEBysIFhe9nkWA==";/** The authtag from header */

                    byte[] keyBytes = key.getBytes(DEFAULT_CHARSET);
                    byte[] ivBytes = Base64.getDecoder().decode(base64Iv);
                    byte[] tagBytes = Base64.getDecoder().decode(base64Tag);
                    ByteBuffer buffer = ByteBuffer.allocate(dataBytes.length + tagBytes.length);
                    buffer.put(dataBytes).put(tagBytes);
                    int tagLength = tagBytes.length << 3;
                    byte[] plainBytes = decrypt(buffer.array(), keyBytes, ivBytes, tagLength);
                    String retval = new String(plainBytes, StandardCharsets.UTF_16LE);
                        
                    System.out.println(retval);
                          
                    } catch (IOException e) {
                        e.printStackTrace();
                    }
                        
            }

}

using System.Security.Cryptography;
using System.Text;

namespace BankingCircle.Notifications.SenderService
{
    public static class AesGcmEncryptionService
    {
        ///// <summary>
        ///// Returns all the information to be sent to the customer endpoint
        ///// </summary>
        public static byte[] Encrypt(string text, byte[] aesKey, byte[] aesNonce, out byte[] authenticationTag)
        {
            var aesGcm = new AesGcm(aesKey);
            var textBytes = Encoding.Unicode.GetBytes(text);
            var encryptedTextBytes = new byte[textBytes.Length];
            authenticationTag = new byte[16];

            //Encrypt
            aesGcm.Encrypt(aesNonce, textBytes, encryptedTextBytes, authenticationTag, null);

            return encryptedTextBytes;
        }

        /// <summary>
        /// Decrypts encrypted bytes
        /// </summary>
        public static byte[] Decrypt(byte[] encryptedBytes, byte[] aesKey, byte[] aesNonce, byte[] authenticationTag)
        {
            using var aesGcm = new AesGcm(aesKey);
            var decryptedTextBytes = new byte[encryptedBytes.Length];

            //Decrypt
            aesGcm.Decrypt(aesNonce, encryptedBytes, authenticationTag, decryptedTextBytes, null);

            return decryptedTextBytes;
        }
    }
}

Updated 6 months ago

What’s Next