Webhooks
Integration Guide for Webhook Events
Before integrating webhooks, make sure you’ve completed the Quickstart guide and have your authentication set up.
Overview
When you make a request to our API, you’ll typically get an immediate response. However, some operations like payments can take time to process. Instead of timing out, we return a pending status and use webhooks to notify you of the final result.
You have two options for handling these async operations:
- Poll the API endpoints periodically (not recommended for production)
- Use webhooks to receive real-time event updates (recommended)
Webhooks vs Polling
Setting Up Webhooks
1. Create Your Webhook URL
Create a POST endpoint on your server to receive webhook events. The endpoint should:
- Accept JSON payloads
- Return a 200 OK response
- Process events idempotently (handle duplicates safely)
2. Register Your Webhook URL
Add your webhook URL to your account settings:
Security
🔒 Security Notice
Important Security Considerations:
- Never expose sensitive credentials in client-side code or VCS
- Always validate request signatures and origins
- Use HTTPS for all API communications
- Implement proper access control and authentication
- Follow secure key management practices
Verifying Webhook Origins
Secure your webhook endpoint using either or both of the following methods:
1. Checksum Validation
Each webhook includes a checksum for verification:
To validate:
- Concatenate: event|json_encoded_data (data must be alphabetically sorted)
- Create HMAC SHA-256 hash using your business ID as the key
- Compare with the received checksum
The encoded data must exclude the checksum field and be in alphabetical order:
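The validation steps above, as an added example that is not Juicyway's own code. It assumes a payload with top-level `event`, `data` and `checksum` fields, compact JSON encoding and a hex digest; the event name, business ID and sample values are constructed, so confirm the encoding against a real delivery.

```python
import hashlib
import hmac
import json


def compute_checksum(event: str, data: dict, business_id: str) -> str:
    """HMAC-SHA256 over 'event|json_encoded_data', keyed with the business ID."""
    # The signed data excludes the checksum field and has its keys sorted.
    signed = {k: v for k, v in data.items() if k != "checksum"}
    # Assumption: compact separators and a hex digest; match the sender's encoder.
    encoded = json.dumps(signed, sort_keys=True, separators=(",", ":"))
    message = f"{event}|{encoded}".encode("utf-8")
    return hmac.new(business_id.encode("utf-8"), message, hashlib.sha256).hexdigest()


def verify_webhook(raw_body: bytes, business_id: str) -> bool:
    """Return True only if the body parses and its checksum matches."""
    try:
        payload = json.loads(raw_body)
        event = payload["event"]
        data = payload["data"]
        received = payload["checksum"]  # assumed top-level field name
    except (ValueError, KeyError, TypeError):
        return False  # malformed JSON or missing fields: reject
    if not (isinstance(event, str) and isinstance(data, dict)
            and isinstance(received, str)):
        return False
    expected = compute_checksum(event, data, business_id)
    # Constant-time comparison: do not leak how many leading characters matched.
    return hmac.compare_digest(expected.encode("utf-8"),
                               received.lower().encode("utf-8"))


# Constructed sample (not a real payload); keys are deliberately unsorted.
SAMPLE_BUSINESS_ID = "example-business-id"
SAMPLE_EVENT = "payment.example"
SAMPLE_DATA = {"status": "failed", "amount": 5000, "currency": "NGN"}
SAMPLE_BODY = json.dumps({
    "event": SAMPLE_EVENT,
    "data": SAMPLE_DATA,
    "checksum": compute_checksum(SAMPLE_EVENT, SAMPLE_DATA, SAMPLE_BUSINESS_ID),
}).encode("utf-8")

if __name__ == "__main__":
    print("valid:", verify_webhook(SAMPLE_BODY, SAMPLE_BUSINESS_ID))
    print("tampered:", verify_webhook(SAMPLE_BODY.replace(b"5000", b"9000"),
                                      SAMPLE_BUSINESS_ID))
```

Because the business ID is the HMAC key, keep it server-side like any other secret and reject the event when `verify_webhook` returns `False`.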
2. IP Whitelisting
Whitelist these Juicyway IPs:
Go-Live Checklist
Verify Public Access
Ensure your webhook URL is publicly accessible (no localhost)
URL Configuration
Add a trailing / if using .htaccess
Test Integration
Verify JSON parsing and 200 OK responses
Handle Long Tasks
Return 200 OK before processing lengthy operations
Monitor Failed Webhooks
Track non-200 responses in your logs
Implement Idempotency
Handle duplicate events safely
Supported Events
In sandbox, successful transactions remain pending. Only failure events are sent.
Payment Events
Next Steps
- Learn about API Request Authentication
- Review common Error Handling
- Explore the full API Reference