Configure Webhooks
Create a webhook endpoint
Set up a HTTPS URL endpoint that accepts POST requests from Zoho Payments. Ensure you have allowed/whitelisted the API domains of Zoho Payments to accept the webhooks sent.
This endpoint should respond with a 200 OK HTTP status code once the webhook is received.
Secure the webhook endpoint
You can secure the endpoint by validating and verifying that the requests received are from Zoho Payments only.
Zoho Payments provided a signature in the webhook’s header, which should be extracted and verified using the webhook signing key provided when you register the webhook endpoint in the next step.
Note: Do not consume the webhook data without verifying the signature of the request.
Additionally, you can whitelist and check the IPs from which the webhooks will be triggered. If the IPs do not match, decline the webhook.
Register the webhook endpoint in Zoho Payments
To register the webhook endpoint:
- Go to Settings and select Developer Space.
- Switch to the Webhooks tab.
You can add your webhook endpoint here and choose the events for which you wish to receive webhooks for that endpoint.
You can either configure a single endpoint for multiple events or different endpoints for each event.
Zoho Payments checks the endpoint during registration by pinging the URL once. So ensure you have the endpoint setup and publicly accessible before registering it in Zoho Payments. If the endpoint is not accessible, the registration fails.
Insight: You can register up to 5 endpoints in your account.
Testing Webhooks
Once registered, you can perform any actions that will trigger the subscribed events to your endpoint. You can check the status of the webhook delivery and the logs in the Webhooks section of Developer Space.
Insight: Zoho Payments retries webhooks for up to 2 days with exponential back off. In case, the webhook still fails to be delivered, we will notify you via email and disable the endpoint.
