Guides
Start typing to search…

Webhook Authentication

Webhooks enable seamless integration between Zaptec charging stations and external authorization or payment providers. When a user initiates a charging session, Zaptec sends an HTTP POST request to the configured external provider. The provider then decides whether to authorize the session. If approved, charging proceeds; otherwise, it is denied. This approach allows for flexible authentication and payment processing, ensuring secure and efficient charging management.

Integration Steps

  1. Access the Zaptec Portal

    • Navigate to the installation you manage, ensuring you have Owner or Service permissions.
    • In the portal, configure your installation to integrate with webhooks.

  2. Configure Authentication

    • Go to the Authentication tab of your installation.

    • Choose your preferred authentication method. By default, Zaptec uses Native Authentication, which relies on the permissions assigned within the Zaptec Portal.

      Zaptec Portal Screenshot

    • To use webhook authentication, select Webhook Authentication as the preferred method.
      Zaptec Portal Screenshot

Webhook Parameters

Authentication URL

  • This option allows you to configure the URL for an OAuth token service.
  • If set, Zaptec will first obtain an OAuth bearer token from this URL before sending data to the webhook.
  • The token is included in the Authorization header of the request: 
    Authorization: Bearer {access_token}
  • This option is required if webhook calls must be authenticated using OAuth.

Authentication Payload

  • If an Authentication URL is configured, Zaptec sends a request to obtain an OAuth token.
  • The payload must match your OAuth token service’s expected format and is posted with the content type: 
    application/x-www-form-urlencoded
  • Example of a basic OAuth payload: 
    grant_type=password&username={username}&password={password}
  • If an Authentication URL is not provided, the username and password from the payload are included in the Authorization header using HTTP Basic authentication.

For HTTP Basic authentication, the payload should be formatted as a query string:

username={username}&password={password}

Session Start URL

  • The webhook URL that Zaptec calls before authorizing a charging session.
  • If the external provider denies the request, the session will not start.
  • If no external authorization URL is provided, ZapCloud’s internal authorization will be used.

Session End URL

  • The webhook URL that Zaptec calls after a charging session ends (when the vehicle is disconnected from the charging station).

Offline Authorization Setting

  • If enabled, charging stations will allow charging with any user or charge card when they lose connection to the control system.

This setup ensures seamless integration between Zaptec and external authorization or payment providers, enhancing flexibility and security.

Updated 12 days ago