Skip to main content

Event Overview

Event Type: PAYMENT_SUCCESSFUL
Category: Payment
Description: Payment transaction was successful This webhook is triggered when a payment is marked CAPTURED (after a payment success callback or VBA transfer processor).

When the webhook is sent

  • Regular payment flow: After a payment success callback is received, the payment is updated to CAPTURED and the webhook is created.
  • VBA transfer flow: After a VBA transfer payment is successfully recorded, the webhook is created.
  • The webhook is created only if your merchant account (or parent, for sub-merchants) has an active API credential with a non-empty webhook URL.

Delivery Details

AttributeValue
HTTP methodPOST
URLThe webhook URL configured on your merchant account’s API credentials
Content-Typeapplication/json
Timeout10 seconds
RetriesUp to 5 delivery attempts (backoff: 1 min, 5 min, 15 min, 60 min)

Headers

HeaderDescription
Content-Typeapplication/json
User-AgentEximpe-Webhook/1.0
X-Webhook-EventPAYMENT_SUCCESSFUL
X-Webhook-TimestampUnix timestamp (string) at the time of the request
X-Webhook-SignatureHMAC-SHA256 signature of the request body (JSON string with keys sorted, no extra whitespace), using your API key as the secret. Hex-encoded.
Signature verification (recommended):
Compute HMAC-SHA256(encryption_key, raw_body) where raw_body is the exact UTF-8 request body as received. Compare the hex result with the X-Webhook-Signature header to ensure the webhook is from the platform and unchanged.

Payload Schema

{
  "event_type": "PAYMENT_SUCCESSFUL",
  "event_time": "2025-02-12T10:30:00.123456Z",
  "version": "2.0.0",
  "sequence_number": "550e8400-e29b-41d4-a716-446655440000",
  "data": {
    "payment_id": "770e8400-e29b-41d4-a716-446655440002",
    "order_id": "660e8400-e29b-41d4-a716-446655440001",
    "status": "CAPTURED",
    "message": "Payment successful",
    "mop_type": "VBA_TRANSFER",
    "bank_ref_num": "BANKREF123",
    "payment_completed_at": "2025-02-12T10:29:55.000000Z",
    "utr": "UTR123456",
    "virtual_account_id": "USER09",
    "subscription_id": null
  }
}

Field Specifications

event_type
string
required
Always "PAYMENT_SUCCESSFUL" for this webhook event
event_time
string
required
ISO 8601 datetime when the webhook event was createdExample: "2025-02-12T10:30:00.123456Z"
version
string
required
Envelope version (e.g. “2.0.0”)
sequence_number
string
required
Unique identifier for this webhook event (UUID), useful for idempotencyExample: "550e8400-e29b-41d4-a716-446655440000"
data
object
required
Payment request details (payment_id, order_id, status, message, mop_type, bank_ref_num, payment_completed_at, utr, virtual_account_id, subscription_id)

What to Do When You Receive This Webhook

  1. Respond with HTTP 2xx (e.g. 200 OK) as soon as you have accepted the payload, so the platform marks the delivery as successful and does not retry.
  2. Verify the signature using your API key and the raw request body (HMAC-SHA256, hex) to ensure authenticity.
  3. Use data.payment_id and data.order_id to reconcile with your system or fetch more details from the Partner API.
  4. Note: You may subsequently receive a PAYMENT_DETAILS_MISSING webhook if verification details are missing on the order (see Payment Details Missing).