How to integrate webhooks

Webhooks are HTTP callbacks that receive notification messages for events. To create a webhook at PayPal, users configure a webhook listener and subscribe it to events. A webhook listener is a server that listens at a specific URL for incoming HTTP POST notification messages that are triggered when events occur. PayPal signs each notification message that it delivers to your webhook listener.

After you configure a listener, you can use a sample payload to simulate a webhook event. When you simulate an event, the simulator validates that your listener can successfully receive event data without any connectivity issues and generates mock event data to show you how webhook events look. You cannot verify these mock events.

After you validate your listener, you can subscribe your listener to events. When you subscribe your listener to events, you define:

A list of eventsAn event can be a payment authorization, a payment state change, and so on. To determine to which events to subscribe, review the supported webhook event names.
Your URLA webhook listener is a server that you configure at a specific web URL to listen for incoming HTTP `POST` notification messages that are triggered when those events occur. PayPal signs each notification message that it delivers to your web URL.

Finally, verify the notifications that your listener receives when events occur.

Webhooks are asynchronous, their order is not guaranteed, and idempotency might lead to a duplicate notification of the same event type.

Integration steps

To configure your webhook listener to receive notification messages for payment state changes and other events:

1.RequiredSet up your development environment.
2.RequiredConfigure a webhook listener.
3.OptionalValidate your listener configuration with mock webhook events.
4.RequiredSubscribe to events.
5.RequiredVerify event notifications.

Set up your development environment

Before you can integrate Webhooks, you must set up your development environment. After you get a token that lets you access protected REST API resources, you create sandbox accounts to test your web and mobile apps. For details, see Get started.

Then, return to this page to integrate webhooks.

Configure a webhook listener

A webhook listener is a server that listens at a specific URL for incoming HTTP POST notification messages that are triggered when events occur.

After you configure a listener, note the URL for the listener.

Use this URL to:

  • Simulate mock webhook events to validate your listener configuration.
  • Subscribe your webhook listener to events.

Next, optionally validate your listener configuration with mock webhook events.

Validate your listener configuration with mock webhook events

After you configure a listener, you can use a sample payload to simulate a webhook event. When you simulate an event, the simulator:

  • Validates that your listener can successfully receive event data without any connectivity issues.
  • Generates mock event data to show you how webhook events look.

    Note: The simulator generates mock events for demonstration purposes. You can view these events to see how events look. However, because these are mock events:

    • You cannot verify the simulator-generated events.
    • You cannot resend an event notification for a simulator-generated event.
    • You cannot show webhook details for a simulator-generated event.
After the simulator queues one or more mock events, your webhook listener URL can listen for HTTP POST notification messages. Each test event appears in your logs in the order that your listener receives them. The simulator sends mock static event data and event headers, which contain the PayPal-generated asymmetric signature and information that you can use to validate the signature.

To simulate a webhook event, use either:


Next, subscribe your listener to events.

Subscribe to events

To subscribe your webhook listener to events, use either the Developer Dashboard or the Webhooks API.

To use the dashboard to subscribe to events

  1. Log in to the Developer Dasbhoard.
  2. Create an app to generate your API credentials and subscribe to webhook events. If you already have an app, proceed to the next step.
  3. In the REST API apps section, click the link for the app to which you want to subscribe events.
  4. In the webhooks section, click Add Webhook.
  5. Add the URL for your listener, which is the endpoint URL that listens for incoming HTTP POST notification messages triggered when events occur.
  6. From the Event types list, select the events to which to subscribe your app. You can select either all events or one or more individual events.
  7. Click Save. The dashboard shows your webhook listener URL, the ID for the webhook, and the events to which you subscribed your app.

    You can use this webhook ID to complete these Webhooks API operations:

After you configure a listener, you can use a sample payload to simulate a webhook event. When you simulate an event, the simulator validates that your listener can successfully receive event data without any connectivity issues and generates mock event data to show you how webhook events look. You cannot verify these mock events.

After you validate your listener, you can subscribe your listener to events. When you subscribe your listener to events, you define:

A list of eventsAn event can be a payment authorization, a payment state change, and so on. To determine to which events to subscribe, review the supported webhook event names.
Your URLA webhook listener is a server that you configure at a specific web URL to listen for incoming HTTP `POST` notification messages that are triggered when those events occur. PayPal signs each notification message that it delivers to your web URL.

Finally, verify the notifications that your listener receives when events occur.

Webhooks are asynchronous, their order is not guaranteed, and idempotency might lead to a duplicate notification of the same event type.

Important: If your webhook endpoint is unavailable or takes too long to respond, PayPal resends the notification message 25 times over the course of three days until a successful response is given.

Verify event notifications

You can verify webhook event notifications that your listener receives when events occur.

Note: You cannot verify the mock simulator-generated events.

When you verify events, you can list webhook events by app. You can filter this list by date range, resource, and event type. You can also show status and details for an event and resend an event notification.

To verify webhook event notifications, use one of these methods:

To use the PayPal REST SDKs to verify event notifications

These PayPal REST SDKs provide reference implementations that enable you to verify event notifications:

To use the dashboard to verify event notifications

  1. Depending on your environment, go to either the Live Webhooks Events page or the Sandbox Webhooks Events page.
  2. Click Log into Dashboard.
  3. From the drop-down list, select the app for which to view webhook events.
  4. Optionally, you can filter the list of webhook events by:
    • Date range. The range must be in the last 30 days.
    • A resource. Specify the ID for a sale, authorization, or other resource.
    • An event. From the drop-down list, select either all events or one or more individual events. The dashboard shows events for the app, date range, resource, and event or events.
  5. You can complete these actions on the Webhooks Events page:
    • View the status for events. Received events show a green check mark and pending events show a yellow exclamation point.
    • Resend a notification. Click Resend next to any webhook event in the list.
    • Navigate the results pages. Click the arrows adjacent to the page number at the bottom of the page.
    • View event details. Click an event. Details include event ID, resource type, and summary.

Additional information