Skip to main content

What are Webhooks?

Webhooks are HTTP callbacks that FossaPay sends to your server when events occur in your account. They enable you to receive real-time notifications about payments, payouts, settlements, and other important events.
Webhooks eliminate the need for polling and ensure your application stays in sync with FossaPay in real-time.

Why Use Webhooks?

Real-time Updates

Get notified immediately when events occur

Reduce Polling

No need to constantly check for updates

Automated Workflows

Trigger actions automatically based on events

Better UX

Update your users instantly about transaction status

Webhook Events

Deposit Events

Withdrawal Events

Transfer Events

Wallet Events

Setting Up Webhooks

Configure Webhook URL

Set your webhook endpoint in the dashboard or via API: Via Dashboard:
  1. Go to Settings → Webhooks
  2. Enter your webhook URL
  3. Copy the webhook secret
Via API:

Webhook URL Requirements

Your webhook endpoint must:
  • Use HTTPS (HTTP not allowed in production)
  • Respond within 30 seconds
  • Return a 2xx status code for successful receipt
  • Handle duplicate events gracefully
Webhook URLs must be publicly accessible. Use services like ngrok for local development.

Webhook Payload

All webhooks follow this structure:

Implementing Webhook Handler

Basic Handler (Node.js/Express)

Python/Flask Example

Security

Signature Verification

FossaPay signs all webhooks with HMAC SHA256:
Use IP whitelisting as an additional layer of security, not as a replacement for signature verification.

Retry Logic

If your endpoint doesn’t respond with a 2xx status, FossaPay retries: After 5 failed attempts, the webhook is marked as failed and no more retries occur.
Check your webhook logs in the dashboard for failed deliveries and investigate issues promptly.

Idempotency

Webhooks may be delivered more than once. Implement idempotent handling:

Testing Webhooks

Local Testing with ngrok

Simulate Webhooks

Test your webhook handler with simulated events:

Webhook Logs

View webhook delivery logs in your dashboard:
  1. Go to Settings → Webhooks
  2. Scroll down to “Webhook Events”
  3. Filter by event type
  4. Replay failed webhooks

Best Practices

Always return 200 immediately, then process asynchronously:
Never trust webhooks without signature verification:
Use event_id or transaction_id to detect duplicates:
Log all webhook receipts for debugging and auditing:
Set up alerts for webhook failures:

Webhook Payload Examples

Deposit Completed (Crypto)

Deposit Completed (Fiat)

Withdrawal Completed

Transfer Completed

Transfer Failed

Wallet Balance Updated

Next Steps

Configure Webhooks

Set up your webhook endpoint

View Webhook Logs

Monitor webhook deliveries

Collections Guide

Handle payment webhooks

Payouts Guide

Handle payout webhooks