About Webhooks

Check the various notifications (webhooks, emails and SMS) available to you when using RazorpayX.


Webhooks let you build or set up integrations that subscribe to certain events on

. When one of these events is triggered, we send an HTTP POST payload in JSON to the webhook's configured URL.

Handy Tips

It is important to validate and test webhooks before using them. Refer

for more information.

See

.

Listed below are the various webhooks events available in RazorpayX. The payload remains the same irrespective of the fund_account_type, that is, a bank account, VPA or card, to which the payout is made.

The table below lists the webhook events available for RazorpayX Payouts. You can enable webhooks for payout statuses listed in

.

The table below lists the webhook events available for

.

When your webhook secret is set, Razorpay uses it to create a hash signature with each payload. This hash signature is passed with each request under the X-Razorpay-Signature header that you need to validate at your end. Support for validating the signature is provided in all our

.

Do Not Parse or Cast the Webhook Request Body

While generating the signature at your end, ensure that the webhook body passed as an argument is the raw webhook request body. Do not parse or cast the webhook request body.

X-Razorpay-Signature

The hash signature is calculated using HMAC with SHA256 algorithm, your webhook secret set as the key and the webhook request body as the message.

You can also validate the webhook signature yourself using an

as shown below:

key = webhook_secret
message = webhook_body // raw webhook request body
received_signature = webhook_signature
expected_signature = hmac('sha256', message, key)
if expected_signature != received_signature
throw SecurityError
end

Take payouts in RazorpayX as an example. For payouts, you should receive webhooks in the following order:

  1. payout.pending (if you have enabled on your account)
  2. payout.queued (in case your )
  3. payout.initiated
  4. payout.processed or payout.reversed

The above order may not be followed at all times. Please keep this in mind and configure your webhook URL to handle such scenarios.

The processed and reversed states are the last states for a payout. Their corresponding webhooks payout.processed or payout.reversed indicate this state change. Any webhook received after these should be ignored.

Handy Tips

It is important to validate and test webhooks before you start using them. To test webhooks, refer

.

Watch this video to know how to set up RazorpayX webhooks or read along.

To set up webhooks:

  1. Log in to the

    , and navigate to My Account & SettingsDeveloper Controls.

  2. Click Add Webhooks if you are setting up a webhook or Edit Webhook to edit a previously saved webhook.

  3. Enter the Webhook URL where you want to receive the webhook payload when an event is triggered.

    Handy Tips

    • You can set up to 30 URLs to receive Webhook notifications. Webhooks can only be delivered to public URLs.
    • This webhook URL can be different from your .
    • If you attempt to save a localhost endpoint as part of a webhook setup, you will notice an error. Know more about .
  4. Enter a Secret for the webhook endpoint. This is an optional field and is used for

    .

    Secret for Webhooks

    • When setting up the Webhooks, you will be asked to specify a secret. Using this secret, you can validate that the webhook is from Razorpay.
      • Entering the secret is optional but recommended. The secret should never be exposed publicly.
    • The webhook secret does not need to be the merchant secret key provided by Razorpay.
  5. Select the events you want to subscribe from the list of Active Events.

  6. Click SAVE to enable the webhook.

To edit webhooks:

  1. Log in to the , and navigate to My Account & SettingsDeveloper Controls.
  2. After you set the webhooks, you can click Edit to make changes to a previously set webhook.


Was this page helpful?


razorpayx webhooks
webhooks
uses of webhooks
sample webhooks