Guide
Webhooks
Some things happen after an API call returns — an ACH payment settles, a dispute is opened, or a merchant's onboarding status changes. Pay-Pi forwards signed events for these to a callback URL you register, so your systems stay in sync without polling.
What you'll receive
Pay-Pi forwards events including:
- ACH settlement — an ACH payment that was
PENDINGhas settled or failed. - Disputes — a payment has been disputed or charged back.
- Onboarding changes — a merchant's
onboardingStatus,chargesEnabled, orpayoutsEnabledchanged.
Delivery
Each event is an HTTPS POST to your callback URL with a JSON body and a
signature header. Events reference the affected object — for a payment, the same
lcPaymentId and orderRef you saw when you created it.
POST https://your-app.example.com/webhooks/pay-pi
Content-Type: application/json
Pay-Pi-Signature: t=1718900000,v1=3f9a... # verify before trusting the body
{
"type": "payment.settled",
"lcPaymentId": "pay_2Bd7...",
"orderRef": "order-1042",
"status": "SUCCEEDED",
"finixTransferId": "TRa1Q...",
"finixState": "SUCCEEDED"
} Illustrative shape. The exact event types, field names, and signature header are listed in your dashboard when you configure your callback URL.
Verify the signature
Every request carries a signature derived from your webhook signing secret. Verify it against the raw request body before acting on an event, and reject anything that doesn't match — this is how you know the event genuinely came from Pay-Pi. Your callback URL and signing secret are configured from your dashboard.
Responding
Return a 2xx quickly to acknowledge receipt. Do the heavy work
asynchronously, and make your handler idempotent (keyed on the event/payment id) so a
retried delivery is safe to process twice.