Webhooks

Webhooks let your service react to events on the Credible Finance platform as they happen — such as a payout being approved or a collection completing. Follow the steps below to register, verify, and acknowledge webhook deliveries.

1. Set up your endpoint

  1. 1

    Register your endpoint

    Share the webhook receiving endpoint for your project with the Credible Finance team. We push events to this URL whenever something changes for your project.

2. Verify every delivery

Signature verification is how you ensure the event actually came from Credible Finance and wasn't spoofed.

  1. 1

    Generate the signature

    Generate the signature of the metadata object in the webhook body using the same signing process you use for outbound API calls.

  2. 2

    Match it against the one we send

    Compare your generated signature with the signature we include in the webhook. If they match, the payload is authentic.

  3. 3

    Reject mismatched signatures

    Verifying the signature confirms that the webhook originated from Credible Finance. If the signatures do not match, discard the event — do not process it.

3. Acknowledge and handle retries

  1. 1

    Respond with HTTP 200

    Acknowledge a successful receipt by responding with HTTP status code 200. Any other response is treated as a failure.

  2. 2

    Retries use exponential backoff

    If we don't receive a 200, we retry with exponential backoff — 1 min, 2 mins, 4 mins, 8 mins, 16 mins, and so on — for up to 10 attempts before giving up.