Orders and payments go hand-in-hand. Once a payment is captured, the order is marked paid. This is reflected in the order.paid and payment.captured Webhook events as well. These events are triggered when the payment associated with the order is captured.
The table below lists the Webhook events available for payments.
Triggered when a payment is authorised.
Triggered when a payment is successfully captured.
Triggered when a payment fails.
The payload for a Webhook is a snapshot of the entity when the event occurred.
For example, when a customer makes a payment, its status changes to authorized. It can then immediately move to the captured state.
The payment can be in the captured state when the payment.authorized Webhook is fired. However, the payload for the payment.authorized event contains details of the events when the payment was authorised, not when it was captured.
In case of network tokenised cards, the last 4 digits will be of the tokenised card and not the actual card.
Do not hardcode the vpa parameter in the integration. If a UPI Intent payment fails, the vpa parameter may not get displayed at times.
If you have changed your webhook secret, remember to use the old secret for webhook signature validation while retrying older requests. Using the new secret will lead to signature mismatch.
Do Not Parse or Cast the Webhook Request Body
While generating a signature at your end, ensure that the webhook body is passed as an argument in the raw webhook request body. Do not parse or cast the webhook request body.