Skip to main content
Webhooks push payment updates to your server the moment they happen — no polling. Every payment intent status transition enqueues a payment.status event to all of your active endpoints, signed so you can prove it came from Qint.

Create an endpoint

  1. In the dashboard, go to Developers → Webhooks → Add endpoint.
  2. Enter your receiver URL — it must be https://. You can register up to 5 endpoints per merchant.
  3. Copy the signing secret (whsec_…) from the creation response.
The signing secret is shown once — Qint stores it encrypted and cannot display it again. If you lose it, delete the endpoint and create a new one (you’ll get a new secret).

Test it

Use Send test event on the endpoint’s page. It queues a signed event with type ping through the same delivery pipeline as real events, so it exercises your signature verification end to end. The delivery log shows whether your server answered 2xx.

The receiving contract

Your endpoint should:
  1. Verify the signatureX-Qint-Signature is an HMAC-SHA256 of the raw request body with your whsec_… secret. See verifying signatures for working code.
  2. Deduplicate on X-Qint-Event-Id — retries redeliver the same event with the same id.
  3. Return 2xx fast — acknowledge first, process asynchronously. Slow responses risk timeouts, which count as failed deliveries and trigger retries.
Request headers
POST /your/webhook/path HTTP/1.1
Content-Type: application/json
X-Qint-Signature: sha256=5f8c1c1c…
X-Qint-Event-Id: 6b3a5c1e-93f0-4c62-9a2d-1f0f9d2e8b7a
Don’t derive business state from the order of webhook arrivals — network retries can reorder them. Treat each event as “something changed”, verify, then reconcile against GET /api/v1/intents/{id} if your logic is order-sensitive.

Managing endpoints

From Developers → Webhooks you can list endpoints, inspect each one’s recent delivery log, send test events, and delete endpoints you no longer need. Deleting an endpoint stops deliveries immediately.