pspReference, originalReference, merchantAccountCode, merchantReference, amount.value, amount.currency, eventCode, success — not the raw body. The signature lives inside the payload at NotificationRequestItem.additionalData.hmacSignature. Register your HMAC key and webhook.co reproduces the exact field construction.
Get the HMAC key
In the Adyen Customer Area, open Developers → Webhooks, select your webhook (Standard notification), and under Security generate or reveal the HMAC Key. It’s a hex string.Register it on your endpoint
Register the HMAC key exactly as the Customer Area shows it (the hex string). webhook.co
hex-decodes it to the key bytes, matching Adyen’s own SDKs — don’t decode or reformat it first.