A webhook URL is an endpoint on your server where you can receive notifications about such events. When an event occurs, we'll make a POST request to that endpoint, with a JSON body containing the details about the event, including the type of event and the data associated with it.
Webhooks allow the Yangaplug API to notify your application when certain events occur, eliminating the need for the application to poll the API for updates.
We notify you via your webhook endpoint for events such as a successful payment or a failed transaction.
To receive webhook notifications, you must first register the URL where the webhook should be sent and the triggering event. When the event occurs, the API will send an HTTP request containing the notification to the specified URL. If your app doesn't respond with a response code starting with 2, we will retry calling the webhook after 10 seconds. If that second attempt fails, the we will attempt to call the webhook a final time after 100 seconds.
Webhook Security
We will then sign each request we make to your webhook url with the secret you configured on your dashboard so you can verify the webhook is actually being sent by Yangaplug
Webhook Structure
All webhook payloads follow the same basic structure
Quick Tip
When testing, you can get an instant webhook URL by visiting webhook.site. This will allow you to inspect the received payload without having to write any code or set up a server.
Responding to webhooks
To acknowledge receipt of a webhook, your endpoint must return a 2xx HTTP status code. Any other response codes, including 3xx codes, will be treated as a failure. We don't care about the response body or headers.
IMPORTANT
Some web frameworks like Rails, Laravel and Django automatically check that every POST request contains a CSRF token. This is a useful security feature that protects you and your users from cross-site request forgery.
However, for webhooks to work, you'll need to exempt the webhooks endpoint from CSRF protection.
Be Idempotent
Occasionally, we might send the same webhook event more than once. You should make your event processing idempotent (calling the webhook multiple times will have the same effect), so you don't end up giving a customer value multiple times.
One way of doing this is recording the events you've processed, and then checking if the status has changed before processing the duplicate event: