Paisr uses webhooks to notify your application about events that happen within your profile—such as completed payments, invoice updates, verification status changes, and more. Webhooks enable real-time updates without needing to constantly poll the API.

You can subscribe to the events that matter to you and build automations or workflows that react instantly when they occur.

How they work

Whenever an event occurs—like a payment being completed or a customer being created—Paisr creates an event object and sends it as an HTTP POST request to the URL(s) you’ve configured.

Each event payload includes:

  • The event type (e.g. invoice.paid, customer.created)
  • The ID of the resource
{
    "id": "inv_123456",
    "event": "invoice.paid",
}

You can configure webhooks in two ways:

  1. Dashboard

    Navigate to the Developers > Webhooks section, add a new endpoint, and select the events you want to subscribe to.

  2. API

    Use the Webhooks API to create or manage endpoints programmatically. Click here for a list of available event types.

Authenticating Webhooks

To verify that a webhook was sent by Paisr, each request includes a X-PCB-Signature and X-PCB-Timestamp headers. This is an HMAC-SHA256 signature generated using your webhook’s shared secret. This helps prevent spoofed or replayed requests from being accepted.

To validate:

  1. Retrieve the signature and timestamp from the request headers.
  2. Compute the HMAC using your webhook secret.
  3. Compare it to the signature in the header.
signature = HMAC_SHA256(secret, timestamp + ’.’ + body)

Other unique headers include:

  • User Agent: PCB Events
  • Powered By: PAISR Technologies NV

You can rotate secrets without losing event delivery using the Dashboard or Webhooks API.

Retries & Reliability

If your server fails to respond with a 2xx status, Paisr automatically retries the event using an exponential backoff strategy for up to 10 retries. You can track delivery attempts, failures, and retry schedules in the dashboard or via the Webhooks API.

Monitoring

You can monitor the performance of your webhooks via the dashboard or using the Webhooks API and view total events deliverd, success/failure ratio and more. These metrics help you monitor the health of your integration and identify misconfigurations or downtime quickly.

Best Practices

  • Always verify the webhook signature.
  • Avoid blocking your main application thread—respond quickly and process asynchronously.
  • Use idempotency to avoid duplicating logic on retries.
  • Log webhook receipts and failures for traceability.
  • Frequently monitor the performance of your webhooks.