Webhooks

Webhooks notify your application in real-time when events occur in GovPayPlan, such as successful payments or refunds.

How Webhooks Work

An event occurs in GovPayPlan (e.g., payment completed)
GovPayPlan sends an HTTP POST to your endpoint
Your server processes the event
Your server responds with 200 OK

Setting Up Webhooks

Create a Webhook Endpoint

Navigate to Settings > API > Webhooks
Click Add Endpoint
Enter your endpoint URL
Select events to subscribe to
Save

Endpoint Requirements

Must be HTTPS
Must respond within 30 seconds
Must return 2xx status code
Must be publicly accessible

Webhook Events

Payment Events

Event	Description
`payment.created`	Payment initiated
`payment.completed`	Payment successful
`payment.failed`	Payment declined/failed
`payment.refunded`	Full refund issued
`payment.partially_refunded`	Partial refund issued

Recurring Payment Events

Event	Description
`recurring.created`	Recurring payment set up
`recurring.payment_completed`	Scheduled payment processed
`recurring.payment_failed`	Scheduled payment failed
`recurring.cancelled`	Recurring payment cancelled

Other Events

Event	Description
`refund.created`	Refund initiated
`refund.completed`	Refund processed
`dispute.created`	Chargeback received

Webhook Payload

Structure

json

{
  "id": "evt_abc123",
  "type": "payment.completed",
  "created_at": "2024-01-15T10:30:00Z",
  "data": {
    "payment": {
      "id": "pay_xyz789",
      "amount": 100.00,
      "currency": "USD",
      "status": "completed",
      "payer": {
        "name": "John Doe",
        "email": "john@example.com"
      }
    }
  }
}

Headers

Header	Description
`X-GPP-Signature`	Signature for verification
`X-GPP-Event`	Event type
`X-GPP-Delivery-ID`	Unique delivery ID

Verifying Webhooks

Always verify webhook signatures to ensure authenticity.

Signature Verification

javascript

const crypto = require('crypto');

function verifyWebhook(payload, signature, secret) {
  const expectedSignature = crypto
    .createHmac('sha256', secret)
    .update(payload)
    .digest('hex');

  return crypto.timingSafeEqual(
    Buffer.from(signature),
    Buffer.from(expectedSignature)
  );
}

// In your webhook handler
app.post('/webhooks', (req, res) => {
  const signature = req.headers['x-gpp-signature'];
  const isValid = verifyWebhook(
    JSON.stringify(req.body),
    signature,
    process.env.WEBHOOK_SECRET
  );

  if (!isValid) {
    return res.status(401).send('Invalid signature');
  }

  // Process webhook
  res.status(200).send('OK');
});

Handling Webhooks

Best Practices

Respond quickly: Return 200 immediately, process async
Handle duplicates: Use delivery ID for idempotency
Verify signatures: Always validate webhook authenticity
Log events: Keep records for debugging

Example Handler

javascript

app.post('/webhooks', async (req, res) => {
  // Verify signature first
  if (!verifyWebhook(req)) {
    return res.status(401).send('Unauthorized');
  }

  // Respond immediately
  res.status(200).send('OK');

  // Process async
  const event = req.body;

  switch (event.type) {
    case 'payment.completed':
      await handlePaymentCompleted(event.data.payment);
      break;
    case 'payment.failed':
      await handlePaymentFailed(event.data.payment);
      break;
    case 'refund.completed':
      await handleRefundCompleted(event.data.refund);
      break;
  }
});

Retry Policy

If your endpoint fails to respond, GovPayPlan retries:

Attempt	Delay
1	Immediate
2	5 minutes
3	30 minutes
4	2 hours
5	24 hours

After 5 failures, the webhook is marked as failed.

Monitoring Webhooks

Webhook Logs

View webhook delivery history:

Navigate to Settings > API > Webhooks
Click on your endpoint
View Delivery History

Failed Webhooks

For failed deliveries:

Check endpoint availability
Verify SSL certificate
Review response logs
Manually retry if needed

Testing Webhooks

Test Events

Send test webhooks from the dashboard:

Navigate to Settings > API > Webhooks
Select your endpoint
Click Send Test Event
Choose event type
Review delivery

Local Development

For testing locally, use a tunnel service:

bash

# Using ngrok
ngrok http 3000

# Use the https URL for your webhook
# https://abc123.ngrok.io/webhooks

Authentication - Webhook secrets
Getting Started - API overview
Testing - Test environment

Webhooks ​

How Webhooks Work ​

Setting Up Webhooks ​

Create a Webhook Endpoint ​

Endpoint Requirements ​

Webhook Events ​

Payment Events ​

Recurring Payment Events ​

Other Events ​

Webhook Payload ​

Structure ​

Headers ​

Verifying Webhooks ​

Signature Verification ​

Handling Webhooks ​

Best Practices ​

Example Handler ​

Retry Policy ​

Monitoring Webhooks ​

Webhook Logs ​

Failed Webhooks ​

Testing Webhooks ​

Test Events ​

Local Development ​

Related Topics ​