About Webhooks
Check the various notifications (webhooks, emails and SMS) available to you when using RazorpayX.
Webhooks let you build or set up integrations that subscribe to certain events on
. When one of these events is triggered, we send an HTTP POST payload in JSON to the webhook's configured URL.Handy Tips
It is important to validate and test webhooks before using them. Refer
for more information.See
.Listed below are the various webhooks events available in RazorpayX. The payload remains the same irrespective of the fund_account_type, that is, a bank account, VPA or card, to which the payout is made.
The table below lists the webhook events available for RazorpayX Payouts. You can enable webhooks for payout statuses listed in
.The table below lists the webhook events available for
.When your webhook secret is set, Razorpay uses it to create a hash signature with each payload. This hash signature is passed with each request under the X-Razorpay-Signature header that you need to validate at your end. Support for validating the signature is provided in all our
Do Not Parse or Cast the Webhook Request Body
While generating the signature at your end, ensure that the webhook body passed as an argument is the raw webhook request body. Do not parse or cast the webhook request body.
X-Razorpay-Signature
The hash signature is calculated using HMAC with SHA256 algorithm, your webhook secret set as the key and the webhook request body as the message.
You can also validate the webhook signature yourself using an
as shown below:key = webhook_secretmessage = webhook_body // raw webhook request bodyreceived_signature = webhook_signatureexpected_signature = hmac('sha256', message, key)if expected_signature != received_signaturethrow SecurityErrorend
Take payouts in RazorpayX as an example. For payouts, you should receive webhooks in the following order:
payout.pending(if you have enabled on your account)payout.queued(in case your )payout.initiatedpayout.processedorpayout.reversed
The above order may not be followed at all times. Please keep this in mind and configure your webhook URL to handle such scenarios.
The processed and reversed states are the last states for a payout. Their corresponding webhooks payout.processed or payout.reversed indicate this state change. Any webhook received after these should be ignored.
Handy Tips
It is important to validate and test webhooks before you start using them. To test webhooks, refer
.Watch this video to know how to set up RazorpayX webhooks or read along.
To set up webhooks:
-
Log in to the
, and navigate to My Account & Settings → Developer Controls. -
Click Add Webhooks if you are setting up a webhook or Edit Webhook to edit a previously saved webhook.
-
Enter the Webhook URL where you want to receive the webhook payload when an event is triggered.
Handy Tips
- You can set up to 30 URLs to receive Webhook notifications. Webhooks can only be delivered to public URLs.
- This webhook URL can be different from your .
- If you attempt to save a localhost endpoint as part of a webhook setup, you will notice an error. Know more about .
-
Enter a Secret for the webhook endpoint. This is an optional field and is used for
.Secret for Webhooks
- When setting up the Webhooks, you will be asked to specify a secret. Using this secret, you can validate that the webhook is from Razorpay.
- Entering the secret is optional but recommended. The secret should never be exposed publicly.
- The webhook secret does not need to be the merchant secret key provided by Razorpay.
- When setting up the Webhooks, you will be asked to specify a secret. Using this secret, you can validate that the webhook is from Razorpay.
-
Select the events you want to subscribe from the list of Active Events.
-
Click SAVE to enable the webhook.
To edit webhooks:
- Log in to the , and navigate to My Account & Settings → Developer Controls.
- After you set the webhooks, you can click Edit to make changes to a previously set webhook.
Was this page helpful?