Skip to main content

Overview

What webhooks are, why they are essential to your Adyen integration, and how the rest of this section is organized.

This page explains what webhooks are and why they are essential to a reliable Valpay and Adyen integration.

What a webhook is

A webhook is a lightweight message that Adyen pushes to your server using an HTTP POST call when an event occurs. Instead of repeatedly polling an API to check for a status change, you expose an endpoint that you define, and Adyen notifies you as soon as something happens.

When you configure a webhook, you are subscribing to be notified about events such as a payment being authorized, captured, refunded, or charged back.

Why webhooks are essential

Many flows in an Adyen integration are asynchronous: the final status of a payment is not always known immediately from the synchronous API response. For some payment methods, confirmation can take seconds, minutes, or longer.

The webhook carries the authoritative outcome of the event. You should rely on the webhook to drive your business logic, not on the synchronous API or frontend result alone. For example, when a payment is authorized, you can mark the order as paid and start fulfillment only after you receive the corresponding webhook.

Webhooks are also the only way to learn about events that do not result from an API request you made, such as a shopper initiating a chargeback.

What you must do with each webhook

For every webhook Adyen sends, your server should:

  1. Acknowledge the webhook by responding with a successful 2xx HTTP status code, such as 200 or 202. Adyen expects this response within 10 seconds, or the event is queued and retried.

  2. Store the message so you can process it later.

  3. Process the contents and apply your business logic, after you have acknowledged it.

Verify that the webhook genuinely came from Adyen before you trust its data. See Security (HMAC Validation).

How this section is organized

  • Standard Notifications: the main webhook for payment lifecycle events, and how to set it up.

  • Event Types: the common eventCode values your server should handle.

  • Security (HMAC Validation): how to verify authenticity and protect your endpoint.

  • Handling Webhooks: how to receive, acknowledge, and process webhooks correctly.

Did this answer your question?