Webhooks

Learn how Revaly webhooks deliver event notifications to your application.

Revaly webhooks allow your systems to receive near real-time notifications when important payment and recovery events occur.

Instead of continuously polling Revaly APIs for updates, you can subscribe to webhook events and have Revaly automatically notify your application whenever a relevant event takes place.

Webhooks help keep your CRM, billing platform, data warehouse, or internal systems synchronized with activity happening in Revaly.


Common Use Cases


Merchants commonly use webhooks to:

  • Track successful and failed payment attempts
  • Monitor recovery lifecycle events
  • Receive visibility into retry activity
  • Track refunds and voids
  • Trigger internal workflows or notifications
  • Synchronize payment status with external systems

For merchants using the Enterprise with Scheduler integration, webhooks are commonly used to receive updates on payment outcomes, retries, and recovery activity, ensuring that subscription and billing systems remain aligned with the latest transaction status.


How Revaly Webhooks Work


Webhooks follow a simple event-driven model. When a subscribed event occurs, Revaly sends an HTTPS request to your configured endpoint containing information about the event. Your application can then validate, store, and process the event according to your business requirements.

At a high level, the flow works as follows:

  1. You create a webhook endpoint in the Revaly Portal.
  2. You select the event types you want to receive.
  3. Revaly sends HTTPS POST requests whenever those events occur.
  4. Your application verifies the webhook signature and processes the event.
  5. Your endpoint returns a successful 2xx response.

Delivery Model


To maximize reliability, Revaly webhooks use an at-least-once delivery model. This ensures that temporary network interruptions or endpoint failures do not result in missed events.

As a result:

  • Events may be delivered more than once
  • Event ordering is not guaranteed
  • Your application should process events idempotently
  • Your endpoint should return a 2xx response as quickly as possible

If a delivery attempt fails, Revaly automatically retries the event according to its delivery policy.

For detailed delivery behavior, see Delivery & Reliability.


Security


Because webhook endpoints are publicly accessible, every webhook delivery includes a cryptographic signature that can be used to verify the authenticity of the request. Signature verification helps ensure that requests originate from Revaly and that the payload has not been modified in transit.

Before processing a webhook event, your application should validate the signature using your webhook signing secret.

For implementation details, see Verify Webhook Signatures.