Webhooks & Events
Copperx uses webhooks to send real-time notifications to your server whenever important events occur in your account. This enables you to automate backend actions.
β
What is a Webhook?
A webhook is a POST request sent from Copperx to your serverβs endpoint whenever a specific event occurs. It carries a JSON payload describing the event and its associated data.
Why Use Webhooks? Instead of continuously calling the API to check for payment status updates, Copperx sends real-time events to your backend. This reduces overhead and ensures your app stays in sync.
Typical Flow:
User completes a payment (e.g., Checkout Session).
Copperx sends a webhook event (
checkout_session.completed) to your endpoint.Your backend verifies the webhook and updates the userβs plan or access.
π Webhook Security & Signature Verification
For security, Copperx signs every webhook payload using an HMAC-SHA256 signature.
Headers in the Webhook Request:
HeaderDescriptionx-webhook-signatureHMAC-SHA256 signature of the raw payload
x-webhook-tokenYour webhook secret key (from dashboard)
How to Verify the Signature:
Retrieve the
x-webhook-signatureheader from the request.Compute your own HMAC-SHA256 hash of the raw request body using your webhook secret key.
Compare your hash with the
x-webhook-signature. If they match, the webhook is valid.
You can find your webhook secret key in the Copperx dashboard settings.
π Common Webhook Events
Below are the most commonly used events in Copperxβs payment flows:
checkout_session.completed
User successfully completed the checkout.
checkout_session.expired
Checkout session expired before payment completion.
checkout_session.canceled
User canceled the checkout session.
invoice.paid
An invoice was paid successfully.
invoice.finalized
An invoice was finalized (ready to be paid).
invoice.payment_failed
Payment for an invoice failed.
customer.subscription.created
A new subscription was created.
customer.subscription.started
Subscription started.
customer.subscription.deleted
Subscription was canceled/deleted.
customer.subscription.past_due
Subscription payment is past due.
customer.subscription.unpaid
Subscription payment is unpaid.
payment_intent.succeeded
PaymentIntent was successfully completed.
payment_intent.failed
PaymentIntent failed.
π¨ Example Webhook Payload: Checkout Session Completed
When a checkout session is completed, hereβs an example of the JSON payload you will receive:
π‘ How to Use This Event
When you receive this event:
β
Verify the signature (for security).
β
Check the paymentStatus (paid).
β
Activate the userβs plan, send a confirmation email, or update their account.
βοΈ Best Practices for Webhooks
β
Always verify the signature to avoid spoofed requests.
β
Respond quickly to webhook POST requests with a 200 OK to acknowledge receipt.
β
Retry Behavior
Max Attempts: 10
Initial Delay: 30 seconds
Backoff Strategy: Exponential (delay doubles with each retry)
No Delay Cap: Delay continues to double up to the 10th attempt
Total Retry Window: ~4 hours 16 minutes from initial delivery attempt
π Retry Schedule
1st
30
0.5 min
0:00:30
2nd
60
1 min
0:01:30
3rd
120
2 min
0:03:30
4th
240
4 min
0:07:30
5th
480
8 min
0:15:30
6th
960
16 min
0:31:30
7th
1920
32 min
1:03:30
8th
3840
64 min
2:07:30
9th
7680
128 min
4:15:30
10th
15,360
256 min
8:31:30*
Notes:
A maximum of 10 retry attempts will be made.
If all retries fail, the webhook delivery is marked as unsuccessful.
β Log webhook events for debugging and auditing. β Use HTTPS for secure communication.
Last updated