Webhooks

Receive real-time notifications when payment events occur. Webhooks allow your application to react instantly to completed payments without polling.

Overview

┌─────────────────┐         ┌─────────────────┐         ┌─────────────────┐
│    Customer     │         │    MakaPay      │         │   Your Server   │
│                 │         │                 │         │                 │
│  Sends payment  │ ──────→ │  Processes      │         │                 │
│                 │         │  payment        │         │                 │
│                 │         │       ↓         │         │                 │
│                 │         │  Sends webhook  │ ──────→ │  Receives POST  │
│                 │         │                 │         │  request        │
│                 │         │                 │         │       ↓         │
│                 │         │                 │         │  Fulfills order │
└─────────────────┘         └─────────────────┘         └─────────────────┘

Setup

Prerequisites

• An active API key (required for webhook authentication)

• An HTTPS endpoint on your server

Configure Webhook URL

1. Go to Dashboard → Webhooks

2. Enter your webhook URL (must be HTTPS)

3. Toggle Active to enable

4. Click Save

Generate API Key

If you don't have an API key:

1. Go to Dashboard → API Keys

2. Click Create New Key

3. Save the key securely

Webhook Events

payment.completed

Sent when a payment is successfully settled to your wallet.

payment.withdrawn

Sent when a partial payment is manually withdrawn.

payment.awaiting_gas

Sent when payment is received but Gas Tank balance is insufficient. Informational only - no retry on this event.

Webhook Security

Signature Verification

Every webhook includes a signature header for verification:

The signature is computed as: SHA256(JSON.stringify(payload) + apiKey)

Verifying the Signature

Python Example

Retry Policy

Failed webhook deliveries are automatically retried:

What Counts as Failure

• HTTP status code outside 200-299

• Connection timeout (30 seconds)

• SSL/TLS errors

• DNS resolution failure

After All Retries Fail

• Webhook is marked as failed

• No further automatic retries

• You can manually retry from the dashboard

Best Practices

1. Respond Quickly

Return a 200 response as fast as possible. Do heavy processing asynchronously.

2. Implement Idempotency

Webhooks may be delivered more than once. Use paymentId to prevent duplicate processing.

3. Verify Signatures

Always verify the X-Signature header before processing.

4. Use HTTPS

Webhook URLs must use HTTPS. HTTP endpoints are rejected.

5. Handle All Event Types

Your endpoint should gracefully handle unknown event types:

Testing Webhooks

Manual Trigger

1. Go to Dashboard → Payments

2. Click on a completed payment

3. Click Resend Webhook

4. Check your webhook logs

Webhook Logs

View delivery history in Dashboard → Webhooks → Logs:

Local Testing

Use a tunnel service like ngrok for local development:

Payload Reference

Common Fields

Optional Fields

Troubleshooting

Webhook Not Received

1. Check webhook is Active in dashboard

2. Verify URL is correct and uses HTTPS

3. Check your server logs for incoming requests

4. Review webhook logs for delivery status

Signature Mismatch

1. Ensure you're using the correct API key

2. Verify you're hashing the raw JSON payload

3. Check for encoding issues (UTF-8)

Timeouts

1. Respond with 200 before processing

2. Move heavy operations to background jobs

3. Increase server timeout if needed

Duplicate Events

1. Implement idempotency using paymentId

2. Check webhook logs for retry attempts

3. Review your response codes (non-2xx triggers retry)