Bunne

API Documentation

Webhooks

Signed events for asynchronous payment state.

Bunne sends webhook events by POST. Your endpoint should verify the signature, process idempotently and return any 2xx status to acknowledge delivery.

Payload
{  "id": "we_xxx",  "object": "event",  "type": "charge.paid",  "livemode": false,  "created": 1782388805,  "data": {    "object": {      "id": "ch_xxx",      "object": "charge",      "status": "paid",      "amount_cents": 10990,      "currency": "BRL",      "payment_method": "credit_card",      "capture_method": "manual",      "captured": true    }  }}
Verify signature
const signedPayload = timestamp + "." + rawBody;const expected = hmacSha256(webhookSecret, signedPayload);const valid = timingSafeEqual(expected, signatureFromHeader);

Delivery headers

FieldTypeDescription
Zedy-SignaturerequiredstringHMAC SHA-256 header in `t=unix_seconds,v1=hex` format.
Zedy-Event-IdrequiredstringPublic webhook event id.
Zedy-Delivery-IdrequiredstringDelivery attempt id for this endpoint/event.
Zedy-TimestamprequiredintegerUnix timestamp in seconds.

Events

charge.createdcharge.authorizedcharge.paidcharge.refusedcharge.failedcharge.refundedrefund.createdrefund.succeededrefund.failedchargeback.createdsettlement.createdsettlement.paidseller.createdseller.updated

Retry policy

Each attempt has a 10s timeout. Failed deliveries retry up to 7 total attempts with backoff of 60s, 5min, 15min, 1h, 6h and 24h. Endpoint/event pairs that already returned 2xx are not delivered again.