Docs / Guides / Webhooks

Webhooks

PayItFast sends real-time JSON notifications about key events to your registered endpoint. Webhooks allow you to react immediately to user status changes, payment settlements, failures, and more without polling the API.

Webhook Payload Structure

Every webhook delivers a JSON body with the following structure.

JSON
{
  "eventId": "EV-231107XXXXX4387",
  "entityId": "OR-240726094358",
  "entityType": "order",
  "orgId": "OG-231207102120",
  "status": "fund_settled",
  "user": {
    "userId": "UX-240625104122",
    "firstName": "string",
    "lastName": "string",
    "country": "string",
    "createdAt": "ISO-8601"
  },
  "order": {
    "orderId": "string",
    "type": "string",
    "fiatTicker": "string",
    "cryptoTicker": "string",
    "fiatAmount": 0,
    "cryptoAmount": 0,
    "walletAddress": "string",
    "paymentType": "string",
    "createdAt": "ISO-8601",
    "customerOrderId": "string",
    "failureCode": "string",
    "failureMessage": "string"
  },
  "partnerContext": {},
  "createdAt": "ISO-8601"
}
Field Type Description
eventId string Unique event identifier
entityId string User ID or Order ID associated with the event
entityType string "user" or "order"
orgId string Organization identifier
status string Current entity status (e.g., fund_settled, kyc_success)
user object User details including userId, name, country, and creation date
order object Order details (empty for user events). Includes amounts, tickers, and payment info.
partnerContext object Your custom metadata, echoed back from order creation
order.failureCode string Error code — only present in failure events
order.failureMessage string Human-readable error message — only present in failure events
createdAt string ISO-8601 timestamp of when the event was created

User Events

These webhooks fire when a user's account or KYC status changes.

Event Status Description
User Created user_created Account established
User Approved user_approved Demo transaction capability granted
User Rejected user_rejected Account creation failed approval
KYC Initiated kyc_initiated KYC verification begins
KYC Success kyc_success Verification passed
KYC Rejected kyc_rejected Verification failed compliance

Collections Events

Webhooks for fiat payin (collection) orders.

Event Status Description
Payment Initiated initiated Order created, user redirected to payment
Payment Authorised fund_settled Bank confirmed payment receipt
Payment Unauthorised fund_failed Bank declined payment
Manual Review manual_review Held for compliance review

Payout Events

Webhooks for fiat payout orders.

Event Status Description
Payment Initiated initiated Payout order successfully created
Payment Scheduled fund_scheduled Payout scheduled for processing
Payment Completed fund_settled Funds received by user, confirmed by bank
Payment Failed fund_failed Failed to send to user's account
Payment Returned fund_returned Funds returned from user's bank

Gaming Events

Webhooks for fiat payin with wallet (iGaming) orders.

Event Status Description
Payment Initiated initiated Order created, awaiting payment
Payment Authorised fund_settled Bank confirmed payment
Payment Unauthorised fund_failed Bank declined payment
Stablecoin Deposit asset_deposited Stablecoin deposited to user's wallet
Balance Top Up completed Order complete — trigger balance top-up
Expired expired Transaction not completed in time
Manual Review manual_review Held for compliance review

Onramp Events

Webhooks for fiat-to-crypto (onramp) orders.

Event Status Description
Payment Initiated initiated Order created, awaiting payment
Payment Authorised fund_settled Bank confirmed fiat receipt
Payment Unauthorised fund_failed Bank declined payment
Crypto Settled asset_settled User received cryptocurrency
Crypto Settle Failed asset_settle_failed Crypto delivery failed
Expired expired Order expired due to inactivity

Offramp Events

Webhooks for crypto-to-fiat (offramp) orders.

Event Status Description
Payment Initiated initiated Order created, awaiting stablecoin
Crypto Received asset_deposited PayItFast received crypto from user
Crypto Receive Failed asset_deposit_failed Crypto not received
Payment Sent fund_settled User received fiat
Payment Failed fund_failed Bank declined fiat transfer
Expired expired Order expired due to inactivity

Signature Verification

All webhooks are signed with HMAC-SHA256 using a dedicated secret key. You should always verify the signature to ensure the webhook was sent by PayItFast and has not been tampered with.

Verification Steps

  1. Generate an HMAC-SHA256 hash using your secret key and the raw request body.
  2. Compare the generated hash with the value in the X-PayItFast-Hmac-Hash header.
  3. If they match, the webhook is valid. If they do not match, the payload may have been tampered with — discard it.

Node.js Example

JavaScript
const crypto = require('crypto');

const hash = crypto
  .createHmac('sha256', secretKey)
  .update(JSON.stringify(requestBody))
  .digest('hex');

const isValid = hash === request.headers['x-payitfast-hmac-hash'];

Python Example

Python
import hmac, hashlib

hash = hmac.new(
    secret_key.encode(),
    request_body.encode(),
    hashlib.sha256
).hexdigest()

is_valid = hash == request.headers['X-PayItFast-Hmac-Hash']
Secret Key

Contact PayItFast technical support to obtain your webhook secret key. Store it securely and never expose it in client-side code.


Retry Mechanics

PayItFast automatically retries failed webhook deliveries to ensure you receive every notification.

Parameter Value
Retry window Up to 2 hours from the initial attempt
Max retries 8 retry attempts
Interval 15-minute intervals between retries
Enabled by default Yes — no configuration needed
Required response Your endpoint must return HTTP 200 to acknowledge receipt
Trigger conditions Timeouts or connection failures
Important

Your webhook endpoint must return an HTTP 200 status code to acknowledge receipt. Any other status code (or a timeout) will trigger a retry. Ensure your endpoint processes webhooks idempotently, as retries may deliver the same event more than once.


Error Reference

Review all failure codes that may appear in webhook payloads.

View reference

Orders & Payments

Understand the order lifecycle that triggers these webhook events.

View endpoints

Integration Guide

Step-by-step guide for setting up webhooks in your integration.

View guide