Switch to dark theme

Switch to light theme

Webhooks FAQs

How do I configure a Webhook?
You will need to provide a webhook endpoint to Zeta, where Zeta will send the event notification against the subscribed events. Zeta will register the webhook endpoint and share a secret token with you to validate the incoming webhook messages. Using Fusion APIs, you can subscribe to an event. See Configure Webhooks to find more details on webhook setup.
Where do I find the Webhook specifications for incoming messages sent to my webhook endpoint?
With every subscribed events, Zeta triggers an HTTP POST call and sends an X-Zeta-HMAC HTTP Header along with the event message. This header is used to validate the incoming messages coming from the trusted source
How do I verify that incoming Webhook messages are sent from Zeta?
Zeta sends an X-Zeta-HMAC HTTP Header in the event payload. To verify that an incoming message comes from Zeta, generate a HMAC signature and compare with X-Zeta-HMAC. See Configure Webhooks to find more details on inbound webhook validation. No, this functionality is in the early adopter stage.
I receive Webhook notifications frequently, can we apply rate limit here?
Zeta sends notifications against the subscribed events to your webhook endpoint as they occur. Hence, we don’t restrict the number of notifications targeted to your application.
What are the IP ranges that Zeta uses for sending Webhook messages?
Zeta uses a range of IP addresses that you may consider to white-list. Contact Zeta Support to know the complete list of IPs.
Can I subscribe for events via a user interface?
Yes, we also provide a back office Notification Center that allows you to configure webhook communication and also create policies related to event-based notifications based on your business requirements. Contact Zeta Support for more info.
Can I receive event notifications for unauthenticated transactions?
No notification is expected to be delivered for unauthenticated transactions. Any rouge individual on internet can enter the card details and attempt a transaction. Such transactions are not attributed to any individual, and thus nobody but the bank is notified.