Webhooks

Webhooks enable your application to receive real-time HTTP notifications when events occur in your RevKeen account. Instead of polling the API, webhooks push data to you.

How Webhooks Work

Configure an endpoint -- Register a URL in your dashboard
Event occurs -- Something happens (payment, subscription change, etc.)
RevKeen sends POST -- We send a JSON payload to your URL
You respond -- Return 200 OK to acknowledge receipt
We retry if needed -- Failed deliveries are retried automatically

Webhook Payload

All webhooks have a consistent structure:

{
  "id": "evt_xxxxxxxx",
  "type": "invoice.paid",
  "created": "2026-01-15T10:30:00Z",
  "data": {
    "id": "inv_xxxxxxxx",
    "customerId": "cus_xxxxxxxx",
    "status": "paid",
    "totalMinor": 9900,
    "currency": "USD"
  }
}

Field	Type	Description
`id`	string	Unique event identifier
`type`	string	Event type (e.g., `invoice.paid`)
`created`	string	ISO 8601 timestamp
`data`	object	Event payload (varies by type)

Setting Up Webhooks

Via Dashboard

Go to Settings > Webhooks in your dashboard
Click Add Endpoint
Enter your endpoint URL
Select events to subscribe to
Copy the signing secret for verification

Via API

cURL

curl -X POST "https://api.revkeen.com/v1/webhooks" \
  -H "Authorization: Bearer rk_live_your_api_key" \
  -H "Content-Type: application/json" \
  -d '{
    "url": "https://yourapp.com/webhooks/revkeen",
    "events": ["invoice.paid", "subscription.created", "subscription.cancelled"]
  }'

TypeScript

const webhook = await client.webhooks.create({
  url: 'https://yourapp.com/webhooks/revkeen',
  events: [
    'invoice.paid',
    'subscription.created',
    'subscription.cancelled',
  ],
});

// Store the signing secret securely
console.log(webhook.data.secret);

Python

webhook = client.webhooks.create(
    url="https://yourapp.com/webhooks/revkeen",
    events=[
        "invoice.paid",
        "subscription.created",
        "subscription.cancelled"
    ]
)

# Store the signing secret securely
print(webhook.data.secret)

Verifying Signatures

Always verify webhook signatures to ensure requests are from RevKeen.

Signature Header

Every webhook includes a X-RevKeen-Signature header:

X-RevKeen-Signature: t=1673856000,v1=5d2c67...abc123

TypeScript Verification

import crypto from 'crypto';

function verifyWebhook(
  payload: string,
  signature: string,
  secret: string
): boolean {
  const [timestamp, sig] = signature.split(',').map(s => s.split('=')[1]);

  // Reject old timestamps (>5 minutes)
  const age = Date.now() - parseInt(timestamp) * 1000;
  if (age > 300000) {
    throw new Error('Webhook timestamp too old');
  }

  // Compute expected signature
  const expected = crypto
    .createHmac('sha256', secret)
    .update(`${timestamp}.${payload}`)
    .digest('hex');

  // Constant-time comparison
  return crypto.timingSafeEqual(
    Buffer.from(sig),
    Buffer.from(expected)
  );
}

// Express.js example
app.post('/webhooks/revkeen', express.raw({ type: 'application/json' }), (req, res) => {
  const signature = req.headers['x-revkeen-signature'] as string;
  const payload = req.body.toString();

  try {
    if (!verifyWebhook(payload, signature, process.env.WEBHOOK_SECRET!)) {
      return res.status(401).send('Invalid signature');
    }

    const event = JSON.parse(payload);

    switch (event.type) {
      case 'invoice.paid':
        handleInvoicePaid(event.data);
        break;
      case 'subscription.cancelled':
        handleSubscriptionCancelled(event.data);
        break;
    }

    res.json({ received: true });
  } catch (err) {
    res.status(400).send(`Webhook Error: ${err.message}`);
  }
});

Python Verification

import hmac
import hashlib
import time
import json
from fastapi import FastAPI, Request, HTTPException

def verify_webhook(payload: str, signature: str, secret: str) -> bool:
    parts = dict(p.split('=') for p in signature.split(','))
    timestamp = parts['t']
    sig = parts['v1']

    # Reject old timestamps (>5 minutes)
    age = time.time() - int(timestamp)
    if age > 300:
        raise ValueError('Webhook timestamp too old')

    # Compute expected signature
    expected = hmac.new(
        secret.encode(),
        f'{timestamp}.{payload}'.encode(),
        hashlib.sha256
    ).hexdigest()

    # Constant-time comparison
    return hmac.compare_digest(sig, expected)

@app.post('/webhooks/revkeen')
async def webhook_handler(request: Request):
    signature = request.headers.get('x-revkeen-signature')
    payload = await request.body()

    if not verify_webhook(payload.decode(), signature, WEBHOOK_SECRET):
        raise HTTPException(status_code=401, detail='Invalid signature')

    event = json.loads(payload)

    if event['type'] == 'invoice.paid':
        await handle_invoice_paid(event['data'])
    elif event['type'] == 'subscription.cancelled':
        await handle_subscription_cancelled(event['data'])

    return {'received': True}

Best Practices

Respond quickly -- Return 200 OK as soon as possible. Process events asynchronously using a queue.
Handle duplicates -- Events may be delivered multiple times. Use the event id for idempotency.
Verify signatures -- Always verify X-RevKeen-Signature to ensure webhooks are authentic.
Use HTTPS -- Only register HTTPS endpoints. HTTP endpoints will be rejected.
Log everything -- Log incoming webhooks for debugging and audit purposes.
Test with CLI -- Use revkeen webhook test to send test events to your local endpoint.

Retry Policy

If your endpoint does not return 2xx:

Attempt	Delay
1	Immediate
2	5 minutes
3	30 minutes
4	2 hours
5	8 hours
6	24 hours

After 6 failed attempts, the event is marked as failed. View failed events in your dashboard.

Event Naming Convention

Events follow the pattern: resource.action

customer.created -- A customer was created
invoice.paid -- An invoice was paid
subscription.canceled -- A subscription was canceled

You can subscribe to event patterns like invoice.* to receive all invoice events, or * to receive all events.

Event Catalog

Customer Events

Event	Description	Action Required
`customer.created`	Customer was created	Sync to CRM
`customer.updated`	Customer details changed	Sync changes
`customer.deleted`	Customer was deleted	Clean up data

Invoice Events

Event	Description	Action Required
`invoice.created`	Invoice created	-
`invoice.updated`	Invoice modified	-
`invoice.finalized`	Invoice locked for payment	-
`invoice.sent`	Invoice emailed	-
`invoice.viewed`	Customer viewed invoice	-
`invoice.paid`	Invoice fully paid	Provision service
`invoice.payment_failed`	Payment attempt failed	Notify customer
`invoice.past_due`	Invoice past due date	Send reminders
`invoice.voided`	Invoice voided	Cancel fulfillment
`invoice.approved`	Invoice approved	Send to customer
`invoice.partially_paid`	Partial payment received	-
`invoice.due_soon`	Due date approaching	Send reminder
`invoice.uncollectible`	Marked as bad debt	Write off

Subscription Events

Event	Description	Action Required
`subscription.created`	Subscription created	Wait for activation
`subscription.activated`	Subscription active	Grant access
`subscription.updated`	Subscription changed	Update access level
`subscription.renewed`	Subscription renewed	Extend access
`subscription.canceled`	Subscription canceled	Access until period end
`subscription.paused`	Subscription paused	Suspend access
`subscription.resumed`	Subscription resumed	Restore access
`subscription.trial_will_end`	Trial ends in 3 days	Notify customer
`subscription.past_due`	Payment overdue	Start dunning
`subscription.unpaid`	All retries failed	Suspend access
`subscription.expired`	Term ended without renewal	Revoke access

Payment Events

Event	Description	Action Required
`payment.succeeded`	Payment captured	Provision service
`payment.failed`	Payment failed	Retry or notify
`payment.refunded`	Payment refunded	Update fulfillment
`payment.captured`	Authorization captured	-
`payment.disputed`	Chargeback received	Submit evidence
`payment.refund_failed`	Refund failed	Manual intervention

Payment Method Events

Event	Description	Action Required
`payment_method.created`	Card saved	-
`payment_method.updated`	Card updated (ACU)	-
`payment_method.deleted`	Card removed	-
`payment_method.expiring`	Card expiring soon	Request new card
`payment_method.expired`	Card expired	Notify customer
`payment_method.failed`	Card validation failed	Request new card

Payment Link Events

Event	Description	Action Required
`payment_link.created`	Payment link created	-
`payment_link.viewed`	Link viewed	-
`payment_link.completed`	Link completed	Fulfill order
`payment_link.expired`	Link expired	-

Checkout Session Events

Event	Description	Action Required
`checkout.session.created`	Session initiated	-
`checkout.session.completed`	Checkout completed	Fulfill order
`checkout.session.expired`	Session expired	Cart recovery

Void Events

Event	Description	Action Required
`void.created`	Void initiated	-
`void.succeeded`	Void completed	Update records
`void.failed`	Void failed	Try refund instead

Order Events

Event	Description	Action Required
`order.created`	Order created	-
`order.paid`	Order paid	Begin fulfillment
`order.fulfilled`	All items delivered	-
`order.partially_fulfilled`	Some items delivered	-
`order.canceled`	Order canceled	Stop fulfillment
`order.updated`	Order modified	-

Product Events

Event	Description	Action Required
`product.created`	Product created	Sync catalog
`product.updated`	Product updated	Sync changes
`product.deleted`	Product deleted	Remove from catalog

Price Events

Event	Description	Action Required
`price.created`	Price created	Update pricing
`price.updated`	Price updated	Update pricing
`price.deleted`	Price deleted	Remove pricing

Discount Events

Event	Description	Action Required
`discount.created`	Discount created	-
`discount.updated`	Discount updated	-
`discount.deleted`	Discount deleted	-
`discount.redeemed`	Discount used	Track usage

Event Count by Category

Category	Count
Customer	3
Invoice	13
Subscription	11
Payment	6
Payment Method	6
Payment Link	4
Checkout Session	3
Void	3
Order	6
Product	3
Price	3
Discount	4
Total	65

Webhooks

On this page