payment.status event to all of your active endpoints, signed so you can prove it came from Qint.
Create an endpoint
- In the dashboard, go to Developers → Webhooks → Add endpoint.
- Enter your receiver URL — it must be
https://. You can register up to 5 endpoints per merchant. - Copy the signing secret (
whsec_…) from the creation response.
Test it
Use Send test event on the endpoint’s page. It queues a signed event with typeping through the same delivery pipeline as real events, so it exercises your signature verification end to end. The delivery log shows whether your server answered 2xx.
The receiving contract
Your endpoint should:- Verify the signature —
X-Qint-Signatureis an HMAC-SHA256 of the raw request body with yourwhsec_…secret. See verifying signatures for working code. - Deduplicate on
X-Qint-Event-Id— retries redeliver the same event with the same id. - Return 2xx fast — acknowledge first, process asynchronously. Slow responses risk timeouts, which count as failed deliveries and trigger retries.
Request headers
Don’t derive business state from the order of webhook arrivals — network
retries can reorder them. Treat each event as “something changed”, verify,
then reconcile against
GET /api/v1/intents/{id} if your logic is
order-sensitive.