Webhook call and mTLS support

My organisation has mandate of mTLS for all ingress calls from external system. Dwolla webhook call falls under that category (Dwolla to our company infra).

As per our company infra process, Dwolla has to generate CSR and our security team will provide back signed client certificate which Dwolla has to present while making webhook calls to our system (standard mTLS flow).

My question is does Dwolla supports mTLS in webhook calls?

Hi @hshah2811 – Dwolla doesn’t support mTLS. However, we do support passing in a secret with a webhook subscription which will be used to generate a webhook signature that you can validate against to ensure that the webhook is coming from Dwolla (Validating Webhooks | Dwolla API Documentation). Also, of course, all API traffic is over HTTPS.

Hope that helps!

I am wondering if the connection over HTTP from Dwolla’s side also presents a client certificate as part of the request.

Hi Ahmed –

We do not present a client certificate as part of our webhook request.