Appearance
Skip to content
Outbound Webhooks
Outbound Webhooks configures the HTTP endpoints Payment Nexus will notify when events occur on Payment Intent Tickets for this brand. Each webhook receives a signed POST request in real time as events happen.
Permissions
| Action | Permission required |
|---|---|
| Manage outbound webhooks | tenant:manage:webhooks |
Webhook table
| Column | Description |
|---|---|
| Description | An optional label to help identify the webhook's purpose |
| Webhook URL | The HTTP/HTTPS endpoint that receives the POST request |
| Events | The event types this webhook is subscribed to |
| Enabled | Whether the webhook is currently active |
| Pre-Shared Key | The secret used to sign outgoing payloads (masked) |
Row actions
| Action | Description |
|---|---|
| Edit | Update the webhook's configuration |
| Test | Send a sample payload for every subscribed event and verify the endpoint returns a 2xx response |
| Delete | Permanently remove the webhook |
Adding a webhook
Click Add to create a new webhook.
| Field | Required | Description |
|---|---|---|
| Description | No | A brief label to identify this webhook |
| Webhook URL | Yes | The HTTPS endpoint that will receive event notifications |
| Pre-Shared Key (PSK) | Yes | A secret shared with the receiving endpoint, used to verify payload signatures |
| Events | Yes | One or more event types to subscribe to (see below) |
| Enabled | — | Toggle to activate or deactivate this webhook; defaults to enabled |
Available events
| Event | Fires when |
|---|---|
payment_intent_ticket.created | A new Payment Intent Ticket is created |
payment_intent_ticket.updated | An existing Payment Intent Ticket is updated |
payment_intent_ticket.saved | Any create or update occurs (fires alongside both of the above) |
Payload and signature verification
Each delivery is a POST request with these headers:
| Header | Description |
|---|---|
X-Request-ID | A unique UUID for this delivery |
X-Event | The event type that triggered the delivery |
X-Timestamp | ISO 8601 UTC timestamp of the delivery |
X-Signature | A bcrypt hash for verifying authenticity |
User-Agent | Payment Nexus/{VERSION} ({ENVIRONMENT}) |
To verify a delivery, reconstruct the pre-hash string {timestamp}|{psk}|{requestId}|{event} using the values from the headers and your stored PSK, then verify it against X-Signature using bcrypt. Checking the timestamp guards against replay attacks.
The payload body contains the Payment Intent Ticket data including ID, status, amount, currency, customer reference, and checkout details. For the full schema definition, refer to the Webhook Event Payload schema in the brand's API documentation.
TIP
Use the Test action after creating or editing a webhook to confirm your endpoint is reachable and responding correctly before relying on it for live events.
Click Refresh to reload the webhook list from the backend.