Webhooks
Signed events for asynchronous payment state.
Bunne sends webhook events by POST. Your endpoint should verify the signature, process idempotently and return any 2xx status to acknowledge delivery.
Payload
{ "id": "we_xxx", "object": "event", "type": "charge.paid", "livemode": false, "created": 1782388805, "data": { "object": { "id": "ch_xxx", "object": "charge", "status": "paid", "amount_cents": 10990, "currency": "BRL", "payment_method": "credit_card", "capture_method": "manual", "captured": true } }}Verify signature
const signedPayload = timestamp + "." + rawBody;const expected = hmacSha256(webhookSecret, signedPayload);const valid = timingSafeEqual(expected, signatureFromHeader);Delivery headers
| Field | Type | Description |
|---|---|---|
Zedy-Signaturerequired | string | HMAC SHA-256 header in `t=unix_seconds,v1=hex` format. |
Zedy-Event-Idrequired | string | Public webhook event id. |
Zedy-Delivery-Idrequired | string | Delivery attempt id for this endpoint/event. |
Zedy-Timestamprequired | integer | Unix timestamp in seconds. |
Events
charge.createdcharge.authorizedcharge.paidcharge.refusedcharge.failedcharge.refundedrefund.createdrefund.succeededrefund.failedchargeback.createdsettlement.createdsettlement.paidseller.createdseller.updatedRetry policy
Each attempt has a 10s timeout. Failed deliveries retry up to 7 total attempts with backoff of 60s, 5min, 15min, 1h, 6h and 24h. Endpoint/event pairs that already returned 2xx are not delivered again.