Webhooks

Webhooks make payment confirmation resilient. Even if a buyer closes the tab after paying, the gateway’s webhook still triggers ticket issuance.

Endpoint

TixCore exposes a per-provider webhook receiver. Point your Razorpay webhook at:

text

https://your-app.netlify.app/api/v1/webhooks/razorpay

Signature verification

Set a webhook secret in your gateway dashboard and in Settings → Payments. TixCore computes an HMAC-SHA256 of the raw request body and compares it to the signature header in constant time. Requests that fail verification are logged and rejected.

// pseudocode of the receiver
const raw = await req.text();
const signature = req.headers.get("x-razorpay-signature");
const ok = adapter.verifyWebhook(raw, signature);
if (!ok) return new Response("invalid signature", { status: 400 });

Always verify against the raw request body. Parsing to JSON first will change the bytes and break the signature.

Handled events

payment.captured — confirms payment, issues tickets if not already issued.
payment.failed — marks the order failed.
refund.processed — marks tickets refunded.

Idempotency

Ticket issuance checks order status first, so a webhook arriving after the in-browser verify (or a duplicate webhook) will not double-issue.