Webhook Structure
Every webhook follows this envelope structure:JSON
Getting Started
Configure Your Endpoint
- Navigate to Settings → Developers → Webhooks in the Dashboard
- Click Add Webhook
- Enter the URL where you want to receive events
Platform integrators configure webhooks in the Platform Dashboard instead — the same Settings → Developers → Webhooks path. A platform endpoint receives events for all businesses on the platform; use the
tenantKey in each payload to tell them apart.Handle Events
After registering an endpoint, Cadana sends an HTTP POST request to your URL every time a subscribed event occurs. Parse theeventType field to determine how to handle each event.
Respond Promptly
Your endpoint must return a2xx status code to acknowledge receipt. Any response outside the 2xx range — including 3xx redirects — is treated as a failure and will trigger retries.
Verifying Webhooks
Every webhook includes signature headers you should verify to confirm it was sent by Cadana.Signature Headers
Verification
Use the Svix libraries to verify signatures automatically:- Node.js
- Python
- Go
JavaScript
Retry Policy
If your endpoint fails to respond with a2xx status code, Cadana retries delivery with exponential backoff:
After all retries are exhausted (~3 days), the webhook is marked as failed.
Best Practices
- Respond immediately — Return
200 OKfirst, process asynchronously. Don’t do heavy work before responding. - Deduplicate — Use the
idfield to detect and skip duplicate deliveries. Retried webhooks keep the sameid. - Fetch the latest state — Webhooks can arrive out of order. After receiving an event, fetch the resource via API (e.g.,
GET /v1/payouts/{id}) to get the latest state. - Implement reconciliation — Webhook delivery is not guaranteed. Periodically poll the API to catch any missed events.
- Verify signatures — Always verify the
svix-signatureheader before processing a webhook to prevent spoofing.