Frequently Asked Questions (FAQs)
Find answers to frequently asked questions about Razorpay webhooks.
- For Razorpay Payments, you can create up to 30 different webhook URLs.
- For RazorpayX, currently, only one webhook is allowed per Merchant ID.
Webhooks can only be delivered to public URLs. If you attempt to save a localhost endpoint as part of a webhook setup, you will notice this error. Know more about the
- Secret mismatch
Signature validation errors happen when the secret configured during webhook setup does not match the secret used during signature generation. Ensure the secret you pass while generating the signature matches the secret configured in the webhook setup.
The webhook secret does not need to be the merchant secret key provided by Razorpay.
If you do not remember the secret used during setup, change the secret by editing the webhook. Know more about
Issue with the signature generation logic
While generating the signature at your end, you must ensure that the webhook body passed as an argument is the raw webhook request body. This is not recommended as your method of JSON encoding can be different from ours. Instead, you should be taking the raw body and using that directly. This should always result in the same signature.
Secret changed recently on the Razorpay dashboard
If you have changed your webhook secret, remember to use the old secret for webhook signature validation while retrying older requests. The new secret can only be used for all events generated after the secret is updated.
Every event that receives a non-2xx response is considered an event delivery failure by Razorpay's system. If there is a delivery failure, we retry the delivery in exponential backoff policy 24 hours after event creation timestamp.
You can request a replay of a webhook event from Razorpay's side if it meets the following criteria:
- The webhook should be enabled on the dashboard during the occurrence of this event.
- The webhook event should not be older than 15 days.
- The webhook event's signature validation should be done using the same signature during the occurrence of this event.
- The webhook event should be specific to payments, orders, payouts and so on.
Currently, bulk replaying of webhook events is not possible.
Follow the steps given below to request a replay of a webhook event:
- Log in to your
- Click Help → Have a query? → Technical Support → Issue regarding Webhooks/API.
- Share details of the event you want to replay and click Submit.
A webhook is retried at progressive intervals of time on failure, defined in the exponential backoff policy, for 24 hours. If the webhooks continue to fail for 24 hours, the webhook is disabled. You need to enable the webhook from the Razorpay Dashboard or RazorpayX Dashboard after fixing the errors at your end.
Whenever a webhook is disabled, you are notified on your Alert Email Address as configured during webhook setup. If no Alert Email Address was provided during webhook setup, an email is sent to the email address configured under Settings on the Razorpay Dashboard or RazorpayX Dashboard.
Please note that Razorpay considers any non-2xx response as an event delivery failure. Please make sure the API responds with 2xx when you successfully consume the event at your end.
To avoid an event being missed, Razorpay follows at-least-once delivery semantics. In this approach, if we do not receive a successful response from your server, we resend the webhook.
There could be situations where your server accepts the event but fails to respond in 5 seconds. In such cases, the session is marked timeout. It is assumed that the webhook was not processed and is sent again.
- Ensure your server is configured to handle or receive the same event details multiple times.
- Check the value of
x-razorpay-event-idin the webhook request header. The value for this header is unique per event and can help you determine the duplicity of a webhook event.
Razorpay Production environment does not support the older versions of TLS 1.0 and 1.1 due to security concerns around these protocols.
The TLS protocol is used to encrypt your servers' communications with Razorpay, so it's important that your integration uses the latest version (TLS 1.2 is much more secure than its predecessors.).
As an integration checklist, please whitelist all the
Was this page helpful?