Webhooks is a mechanism that allows you to receive notifications about created events.
You simply create page on your website and give us the URL to that page. Now every time when new event is created we will call your page with informations about that event.
Webhooks can be configured in your account settings once you login to your account. Each webkook URL can have one of two modes: live or test. URL's configured for test mode will receive only events created in test mode and URL's configured for live mode will receive only events created in live mode.
Receiving a webhook request
When new event is created we will POST to each configured webhook URL. Event data are encoded as JSON and are sent in request body. For each webhook URL events are always delivered in order they were created. Remember - with webhooks it is your server that is receiving webhook requests.
If security is important then you should only use event identifier from webhook request and obtain remaining data by doing direct request to SecurionPay API (see retrieving an event). It is also advised to record which events were processed and never process the same event twice - to protect yourself from replay-attacks.
Responding to webhook request
When you successfully process webhook request you must return
200 HTTP status code.
Any other data return by webhook is ignored.
If webhook returns status code other then
200 it is assumed that the request delivery failed.
Failed webhook request are resent with increasing delay between each attempt.
It is important to note when event delivery fails for given webhook URL then delivery of all other events for that webhook URL will be blocked until that failed delivery is successfully retried. That's because events are always delivered in order they were created - so if one event fails to be delivered, then we can't send any other events as this would result in out of order delivery.