...
Event name
Possible event names
Event | Description |
|---|---|
AUTHORISED | Triggered when a payment has been authorized |
AUTHORISATION_FAILED | Triggered when the authorization process has failed |
PURCHASED | Triggered when the Sale process has succeeded. |
PURCHASE_FAILED | Triggered when Sale process has failed |
CAPTURED | Triggered when an AUTHORISED payment has been CAPTURED, in full. |
CAPTURE_FAILED | Triggered when the CAPTURE process has failed. |
CANCELLATION_FAILED | When APM system, declines or fail for a payment, the event has been triggered |
CANCELLED | Triggered when transaction is cancelled |
REFUNDED | Triggered when a CAPTURED payment has subsequently been refunded. |
REFUND_FAILED | Triggered when a REFUND request has failed. |
REBILLED | Triggered when a REBILL transaction is successful |
REBIL_FAILED | Triggered when a REBILL transaction is failed |
AUTHORISATION_PENDING | Triggered when the authorization process has status PENDING |
PURCHASE_PENDING | Triggered when Sale process has has status PENDING |
CAPTURE_PENDING | Triggered when the CAPTURE process has has status PENDING |
REBILL_PENDING | Triggered when a REBILL transaction has status PENDING |
REFUND_PENDING | Triggered when a REFUND request has status PENDING |
CANCELLATION_PENDING | Triggered when a CANCEL request has status PENDING |
Webhook response
Webhook Request Handling:
| Info |
|---|
For successful handling, your response to the POST request should be 200. OK. Ensure that when consuming the webhook, the response is sent promptly to prevent a timeout. The timeout period is set to 5 seconds. |
...
Ideally, you should receive a webhook in the order in which the webhook events occur. However, you may not always receive the webhooks in order. Know more about Order of Webhooks.
Authentication
There are couple of ways to ensure authentication of the webhook.
Custom Header / Custom Header Value
When creating a new webhook, there’s an option to provide authentication header name (
Custom Header) and value (Custom Header Value).When the webhook request is sent to provided webhook URL, besides the request body with transaction details, it also includes provided custom header name and value.
Based on those 2 parameters, it’s possible to verify if the request is coming from verified server machine.
IP address restriction
Another mechanism of preventing requests from non-verified server machine would be to whitelist the IPs of those servers.
Netvalve is capable of providing the list of IPs that could be then verified on webhook receiver side to make sure requests are coming from verified server machine.