Hubpay webhooks
Webhooks notify your backend when a Hubpay resource changes. Use them to update payment, onboarding, RFI and app-connection state without repeatedly polling the API.
Treat each webhook as a prompt to fetch current state. Delivery can be retried or arrive out of order, so handlers must be idempotent.
Prerequisites
- A bearer token and, where required, an
AccountId - A public HTTPS callback endpoint
- The event types required by your integration
Register a webhook
Call Register webhook with:
callbackUrl: the HTTPS endpoint that receives callbackseventTypes: one or more event types from the event catalogue
The event families available to you depend on your Hubpay account and integration permissions.
Retrieve the signing secret
After registration, call Get webhook signing secret. Store the returned key in a secret manager.
Every callback includes an HMAC signature. Verify it against the raw request body before parsing or processing the payload. See Verifying webhook signatures for Python, Node.js and Java examples.
Handler requirements
- Return a
2xxresponse promptly after accepting a valid event - Process longer-running work asynchronously
- Deduplicate events using the event identifier
- Fetch the latest resource state before taking irreversible action
- Monitor failures and understand the retry schedule
Manage registrations
See the webhook event catalogue for event names and payload fields.