Frequently Asked Questions (FAQs)
Find answers to frequently asked questions about Curlec webhooks.
For Curlec Payments, you can create up to 30 different webhook URLs.
Webhooks can only be delivered to public URLs. If you attempt to save a localhost endpoint as part of a webhook setup, you will notice this error. Know more about the
.-
Secret mismatch
Signature validation errors happen when the secret configured during webhook setup does not match the secret used during signature generation. Ensure the secret you pass while generating the signature matches the secret configured in the webhook setup.Watch Out!
The webhook secret does not need to be the merchant secret key provided by Curlec.
If you do not remember the secret used during setup, change the secret by editing the webhook. Know more about
.-
Issue with the signature generation logic
While generating the signature at your end, you must ensure that the webhook body passed as an argument is the raw webhook request body. This is not recommended as your method of JSON encoding can be different from ours. Instead, you should be taking the raw body and using that directly. This should always result in the same signature. -
Secret changed recently on the Curlec dashboard
If you have changed your webhook secret, remember to use the old secret for webhook signature validation while retrying older requests. The new secret can only be used for all events generated after the secret is updated.
Every event that receives a non-2xx response is considered an event delivery failure by Curlec's system. If there is a delivery failure, we retry the delivery in exponential backoff policy 24 hours after event creation timestamp.
You can request a replay of a webhook event from Curlec's side if it meets the following criteria:
- The webhook should be enabled on the dashboard during the occurrence of this event.
- The webhook event should not be older than 15 days.
- The webhook event's signature validation should be done using the same signature during the occurrence of this event.
- The webhook event should be specific to payments, orders and so on.
Watch Out!
Currently, bulk replaying of webhook events is not possible.
Follow the steps given below to request a replay of a webhook event:
- Log in to your .
- Click Help → Have a query? → Technical Support → Issue regarding Webhooks/API.
- Share details of the event you want to replay and click Submit.
A webhook is retried at progressive intervals of time on failure, defined in the exponential backoff policy, for 24 hours. If the webhooks continue to fail for 24 hours, the webhook is disabled. You need to enable the webhook from the Curlec Dashboard after fixing the errors at your end.
Whenever a webhook is disabled, you are notified on your Alert Email Address as configured during webhook setup. If no Alert Email Address was provided during webhook setup, an email is sent to the email address configured under Account & Settings on the Curlec Dashboard.
Watch Out!
Please note that Curlec considers any non-2xx response as an event delivery failure. Please make sure the API responds with 2xx when you successfully consume the event at your end.
To avoid an event being missed, Curlec follows at-least-once delivery semantics. In this approach, if we do not receive a successful response from your server, we resend the webhook.
There could be situations where your server accepts the event but fails to respond in 5 seconds. In such cases, the session is marked timeout. It is assumed that the webhook was not processed and is sent again.
- Ensure your server is configured to handle or receive the same event details multiple times.
- Check the value of
x-razorpay-event-id
in the webhook request header. The value for this header is unique per event and can help you determine the duplicity of a webhook event.
Curlec Production environment does not support the older versions of TLS 1.0 and 1.1 due to security concerns around these protocols.
- The TLS protocol is used to encrypt your servers' communications with Curlec, so it's important that your integration uses the latest version (TLS 1.2 is much more secure than its predecessors.).
- As an integration checklist, please whitelist all the .
To view the webhooks log history:
- Log in to your Razorpay Dashboard.
- On the left navigation, click Developers → Webhooks.
- Select the webhook for which you want to view the log history.
Was this page helpful?
ON THIS PAGE