Skip to main content

Overview

Webhooks deliver real-time notifications when payment and request events occur. Configure your endpoints to receive HMAC-signed POST requests with automatic retry logic and comprehensive event data.

Webhook Configuration

Webhooks are managed programmatically via the Auth API at auth.request.network β€” there is no Dashboard UI for webhook CRUD. Each webhook is scoped to the Client ID that creates it; events for any payment link or request created with that Client ID are delivered to that webhook.

Create a webhook

Response (201 Created):
The secret is only returned once at creation. Store it securely β€” you cannot retrieve it again. Use HTTPS in production. localhost URLs are accepted for local testing.

Manage webhooks

All endpoints accept x-client-id and operate on the webhooks owned by that Client ID. Open the Auth API Scalar docs to call these interactively with your wallet session β€” signing in to the Dashboard sets the session cookie that’s shared across all *.request.network services.

Local Development

Use ngrok to receive webhooks locally, then pass the public URL to POST /v1/webhook:

Event Types

See Payload Examples below for detailed webhook structures.

Payment Events (core)

Payment Events (Client ID-scoped)

Emitted in addition to the core events when the originating request was created with a Client ID. Payload includes extra clientId and origin fields.

Payment Events (Checkout / Secure Payment-scoped)

Emitted in addition to the core events when the request was created via a Secure Payment / checkout flow.

Processing Events

Request Events

Compliance Events

Security Implementation

Signature Verification

Every webhook includes an HMAC SHA-256 signature in the x-request-network-signature header:

Security Requirements

  • HTTPS only: Production webhooks require HTTPS endpoints
  • Always verify signatures: Never process unverified webhook requests
  • Keep secrets secure: Store signing secrets as environment variables
  • Return 2xx for success: Any 2xx status code confirms successful processing

Request Headers

Each webhook request includes these headers:

Retry Logic

Automatic Retries

  • Max attempts: 3 retries (4 total attempts)
  • Retry delays: 1s, 5s, 15s
  • Trigger conditions: Non-2xx response codes, timeouts, connection errors
  • Timeout: 5 seconds per request

Response Handling

Error Logging

Request API logs all webhook delivery failures with:
  • Endpoint URL
  • Attempt number
  • Error details
  • Final failure after all retries

Payload Examples

All payment events include an explorer field linking to Request Scan for transaction details. Common Fields:
  • requestId / requestID: Unique identifier for the payment request
  • paymentReference: Short reference, also unique to a request, used to link payments to the request
  • timestamp: ISO 8601 formatted event timestamp
  • paymentProcessor: Either request-network (crypto) or request-tech (fiat)

Payment Confirmed

Payment Processing

Payment Partial

Payment Failed

Compliance Updated

Implementation Examples

For a complete working example, see Webhook reconciliation which implements webhook handling for payment notifications.

Testing

Test deliveries

Fire a test webhook from the Auth API:
Or call it interactively from the Auth API Scalar docs. Test deliveries arrive at all active webhooks for that Client ID and include the x-request-network-test: true header so handlers can branch on test vs real.

Test Webhook Identification

Test webhooks include the x-request-network-test: true header:

Best Practices

Error Handling

  • Implement idempotency: Use delivery IDs to prevent duplicate processing
  • Graceful degradation: Handle unknown event types without errors

Performance

  • Timeout management: Complete processing within 5 seconds

Troubleshooting

Common Issues

Signature verification fails:
  • Check your signing secret matches the value returned by POST /v1/webhook at creation
  • Ensure you’re using the raw request body for signature calculation
  • Verify HMAC SHA-256 implementation
Webhooks not received:
  • Confirm endpoint URL is accessible via HTTPS
  • Verify endpoint returns 2xx status codes
  • Confirm the webhook is active via GET /v1/webhook (toggle with PUT /v1/webhook/:id)

Debugging Tips

  • Use ngrok request inspector to see raw webhook data
  • Monitor retry counts in headers to identify issues
  • Fire test deliveries via POST /v1/webhook/test

Webhooks & Events

High-level webhook concepts and workflow

Webhook reconciliation

Complete webhook implementation example

Authentication

API credential setup and webhook security

Request Dashboard

Manage Client IDs and payment destinations (webhooks are managed via the Auth API above)