Customer Evaluation and Invoice Creation

Communication between Twisto and your e-shop is done through a webhook, which is a method of communication where we send various requests to you, and you respond according to the request type. The format and types of requests will be described in the following chapters. To set up the webhook, you need to first configure it in the Twisto e-shop administration with a hidden, unique URL address. We will send requests for data to this address.

Setting up your server to receive requests at this address is no different from creating a new page on your server. If you are using PHP, simply create a new file with a secret name, for example, xRDhEBnNu2BAyX3DCQYUNYgbROaUnj.php, and then set the webhook URL in the Twisto e-shop administration in the format: https://your-shop.com/webhook/xRDhEBnNu2BAyX3DCQYUNYgbROaUnj.php. This URL replaces authentication with a password, so it needs to be sufficiently long and unique to your e-shop. The webhook URL needs to be placed on an address secured with SSL, starting with https://, for secure sharing of encrypted data.

Warning: For security reasons, our servers validate the correctness of certificates, which must be issued by a recognized certification authority and cannot be self-signed. The correctness of the installation can be verified using freely available tests, for example: https://www.ssllabs.com/ssltest/index.html (does not support CAcert, which our server accepts).

Note: If you do not have your own SSL certificate yet, you can use a free certificate offered, for example, by CAcert.

Note: If you are using web hosting from WEDOS, you can use a shared certificate and avoid the monthly fee for renting an IP address.

Setting up Secure Communication between Twisto and your e-shop

Twisto API provides two modes: production and testing. For each mode, you will receive two API keys: a public key and a secret key.

The public key is used to identify your e-shop and can be included directly in your HTML code. It is used in the Twisto.js library, where you need to set it using the method Twisto.setPublicKey(key) before any requests are made. Otherwise, an exception will be thrown.

The secret key is used for encryption and authentication of requests that require verifying their origin. This key must remain secret and must not be publicly disclosed. It is used in the PHP library, where you set it using $twisto->setSecretKey($key);.

In the e-shop administration, you need to add the allowed domains of your e-shop. JavaScript will only work on those specific domains.

The testing mode is used for testing the implementation and has no impact on the production mode. You can see individual requests and any errors directly in the administration. Both modes can be used simultaneously and independently. Each mode has its own set of keys.

Example of setting the public key in Twisto.js

<script
  type="text/javascript"
  src="https://static.twisto.cz/api/v1/twisto.js"
></script>
<script type="text/javascript">
  // check administration to get your public
  Twisto.setPublicKey('')
</script>

Example of setting the keys in Twisto.php

<?php
require_once 'twistophp/Twisto.php';

$twisto = new Twisto\Twisto();

// check administration to get your public
$twisto->setPublicKey('');
$twisto->setSecretKey('');
?>

E-shop Administration

The e-shop administration provides access to logs from regular requests to the Twisto API as well as from the webhook. In the "Integration" section, you can set the Webhook URL and obtain or regenerate your public and secret keys.

Admin Integration Image

Admin Log Image

The next step is customer evaluation.