Webhooks
Webhook setup guide for TransX402 — receive real-time payment notifications, verify HMAC-SHA256 signatures, and understand the retry policy.
Overview
Webhooks allow your server to receive real-time notifications when payments occur. Instead of polling the API to check payment status, TransX402 will send an HTTP POST request to a URL you specify whenever a payment event happens.
Setting Up Webhooks
1. Configure Your Webhook URL
Go to the Settings page in the TransX402 dashboard and enter your webhook URL:
Or via API:
When webhookSecret is set to "auto", the system will auto-generate a secret. This secret is used to sign the webhook payload.
2. Implement Your Webhook Endpoint
Create an endpoint on your server that receives POST requests from TransX402:
Webhook Payload
Format
Event Types
| Event | Description |
|---|---|
payment.confirmed | Payment successfully confirmed on-chain |
payment.failed | Payment failed (transaction reverted or other error) |
Signature Verification
Every webhook request includes an X-TransX402-Signature header containing an HMAC-SHA256 of the request body using the merchant's webhook secret. You must verify this signature to ensure the webhook genuinely came from TransX402.
Node.js
Python
PHP
Retry Policy
If your webhook endpoint does not respond with a 2xx status code (200-299), TransX402 will retry delivery with exponential backoff:
| Attempt | Delay | Total time since event |
|---|---|---|
| 1 | Immediate | 0 |
| 2 | 1 minute | 1 minute |
| 3 | 5 minutes | 6 minutes |
| 4 | 15 minutes | 21 minutes |
| 5 | 1 hour | 1 hour 21 minutes |
After 5 failed attempts, the webhook is considered failed and will not be retried. You can view webhook delivery status on the Settings page in the dashboard.
Tips for Webhook Endpoints
- Respond quickly — Return 200 as soon as possible, process the event asynchronously if needed
- Be idempotent — Ensure your endpoint can receive the same event more than once without side effects (webhooks may be resent)
- Verify signatures — Always verify the HMAC-SHA256 signature for security
- Log all events — Keep a log of received webhooks for debugging
Testing Webhooks
Send a Test Event
You can send a test event from the Settings page in the dashboard by clicking the "Send Test Event" button. This will send a test webhook payload to your webhook URL.
Use the Sandbox
All sandbox payments also trigger webhooks. This lets you test the entire webhook flow without making real payments:
- Set your webhook URL in the dashboard
- Make a sandbox payment
- Check that the webhook was received correctly
- Verify that signature validation works
- Ensure your business logic processes the event correctly
Debugging Tools
For testing and debugging, you can use tools like:
- webhook.site — Receive and inspect webhook requests in real-time
- ngrok — Expose localhost to the internet to receive webhooks during development
Delivery Status
On the Settings page in the dashboard, you can view webhook delivery statistics:
- Total — Total number of webhooks sent
- Delivered — Number of webhooks successfully received (2xx response)
- Failed — Number of webhooks that failed after all retries
Each webhook delivery is recorded in the database for audit trail and debugging purposes.