Frequently Asked Questions (FAQs)

Find answers to the frequently asked questions about Razorpay webhooks.

1. How many webhooks are allowed per Merchant ID?🔗

  • For Razorpay Payments, you can create up to 10 different webhook URLs.
  • For RazorpayX, currently, only one webhook is allowed per Merchant ID.

2. Why am I getting an error message as "private ip found for host"?🔗

Webhooks can only be delivered to public URLs. If you attempt to save a localhost endpoint as part of a webhook setup, you will notice this error. Know more about the alternatives to localhost.

3. How to resolve webhook signature validation errors?🔗

a. Secret mismatch
Signature validation errors happen when the secret configured during webhook setup does not match the secret used during signature generation. Ensure the secret you pass while generating the signature matches the secret configured in the webhook setup.
Watch Out!
The webhook secret does not need to be the merchant secret key provided by Razorpay.

If you do not remember the secret used during setup, change the secret by editing the webhook. Know more about editing Payments webhooks and editing X webhooks.

b. Issue with the signature generation logic
While generating a signature at your end, ensure that the webhook body passed as an argument is the raw webhook request body. Do not parse or cast the webhook request body.

c. Secret changed recently on the Razorpay dashboard
If you have changed your webhook secret, remember to use the old secret for webhook signature validation while retrying older requests. The new secret can only be used for all events generated after the secret is updated.

4. What will happen if the webhook event is not received?🔗

Every event that receives a non-2xx response is considered an event delivery failure by Razorpay's system. If there is a delivery failure, we retry the delivery in exponential backoff policy 24 hours after event creation timestamp.

5. Why is my webhook disabled?🔗

A webhook is retried at progressive intervals of time on failure, defined in the exponential backoff policy, for 24 hours. If the webhooks continue to fail for 24 hours, the webhook is disabled. You need to enable the webhook from the Razorpay Dashboard or RazorpayX Dashboard after fixing the errors at your end.

Whenever a webhook is disabled, you are notified on your Alert Email Address as configured during webhook setup. If no Alert Email Address was provided during webhook setup, an email is sent to the email address configured under Settings on the Razorpay Dashboard or RazorpayX Dashboard.

Watch Out!
Please note that Razorpay considers any non-2xx response as an event delivery failure. Please make sure the API responds with 2xx when you successfully consume the event at your end.

6. Why am I receiving the same event multiple times?🔗

To avoid an event being missed, Razorpay follows at-least-once delivery semantics. In this approach, if we do not receive a successful response from your server, we resend the webhook.

There could be situations where your server accepts the event but fails to respond in 5 seconds. In such cases, the session is marked timeout. It is assumed that the webhook was not processed and is sent again.

a. Ensure your server is configured to handle or receive the same event details multiple times.
b. Check the value of x-razorpay-event-id in the webhook request header. The value for this header is unique per event and can help you determine the duplicity of a webhook event.

7. Why am I not able to consume webhooks in the production environment, whereas I can consume in the test environment?🔗

Razorpay Production environment does not support the older versions of TLS 1.0 and 1.1 due to security concerns around these protocols.

a. The TLS protocol is used to encrypt your servers' communications with Razorpay, so it's important that your integration uses the latest version (TLS 1.2 is much more secure than its predecessors.).
b. As an integration checklist, please whitelist all the Webhook IP's.