38 lines
1.3 KiB
Markdown
38 lines
1.3 KiB
Markdown
---
|
|
taskmaster_id: "4.6"
|
|
status: "done"
|
|
priority: "high"
|
|
depends_on: ["3"]
|
|
parent_id: "4"
|
|
source: "taskmaster"
|
|
generated_at: "2026-05-24T07:26:29.052Z"
|
|
---
|
|
|
|
# 4.6 - Specify webhook security and provider adapter contracts
|
|
|
|
- [x] 4.6 - Specify webhook security and provider adapter contracts #taskmaster #priority/high #status/done ⏫ 🆔 tm-4-6 ⛔ tm-3
|
|
|
|
## Metadata
|
|
|
|
| Field | Value |
|
|
| --- | --- |
|
|
| Taskmaster ID | 4.6 |
|
|
| Status | done |
|
|
| Priority | high |
|
|
| Dependencies | 3 |
|
|
| Parent | 4 - Define backend security and refactor strategy from latest audit |
|
|
|
|
## Description
|
|
|
|
Define provider-neutral payment interface and signed webhook processing rules.
|
|
|
|
## Details
|
|
|
|
Completed. Produced `09 - Audits/Webhook Security Spec.md` and `09 - Audits/Payment Provider Adapter Spec.md`.
|
|
|
|
Document createPayInIntent, getPayInStatus, handleProviderWebhook, createHostedPaymentLink, createReleaseInstruction, createRefundInstruction, getPayoutStatus, searchProviderPayments, raw-body signature verification, replay prevention, delivery ID idempotency, duplicate/unknown event behavior, retry semantics, dead-letter/replay storage, and alert thresholds.
|
|
|
|
## Verification
|
|
|
|
Contracts cover SHKeeper legacy, Request Network, manual/admin wallet, invalid signatures, duplicate deliveries, and missed webhook reconciliation.
|