Real-time event notifications for your integration.
| Event | Description |
|---|---|
order.created | A new order was created |
order.updated | An order's status or details changed |
invoice.created | A Lightning invoice was generated |
invoice.paid | An invoice was paid |
invoice.expired | An invoice expired without payment |
payment.received | A payment was received |
payment.confirmed | A payment was confirmed |
A unique secret key is auto-generated for each webhook endpoint. You'll use this to verify signatures.
Every webhook request includes these headers:
| Header | Description |
|---|---|
X-Webhook-Signature | HMAC-SHA256 hex digest of the raw JSON body |
X-Webhook-Event | Event type (e.g. payment.confirmed) |
X-Webhook-Delivery-ID | Unique delivery identifier |
X-Idempotency-Key | Use this to deduplicate deliveries |
X-Webhook-Timestamp | Unix timestamp of when the webhook was sent |
User-Agent | SatsRail-Webhook/1.0 |
Compute an HMAC-SHA256 of the raw JSON request body using your webhook's secret key.
Compare the result to the
X-Webhook-Signature
header.
const crypto = require('crypto');
function verifyWebhook(body, signature, secret) {
const expected = crypto
.createHmac('sha256', secret)
.update(body, 'utf8')
.digest('hex');
return crypto.timingSafeEqual(
Buffer.from(signature),
Buffer.from(expected)
);
}import hmac, hashlib
def verify_webhook(body: bytes, signature: str, secret: str) -> bool:
expected = hmac.new(
secret.encode(), body, hashlib.sha256
).hexdigest()
return hmac.compare_digest(signature, expected)def verify_webhook(body, signature, secret)
expected = OpenSSL::HMAC.hexdigest("SHA256", secret, body)
ActiveSupport::SecurityUtils.secure_compare(signature, expected)
endSatsRail retries failed webhook deliveries (non-2xx responses) up to 3 times:
| Attempt | Delay |
|---|---|
| 1st retry | 30 seconds |
| 2nd retry | 5 minutes |
| 3rd retry | 30 minutes |
For additional webhook reference, see the Webhooks documentation page.
Follow the quickstart to get up and running in minutes.
Quickstart Guide →