Skip to content
ParaSta Docs

Webhooks Overview

Webhooks let your server react to events that happen out-of-band — most importantly, when a payment confirms on-chain.

How it works

Section titled “How it works”
  1. You register an endpoint URL via POST /v1/webhook_endpoints, specifying which events you want.
  2. ParaSta returns a signing secret. Save it — it cannot be retrieved later.
  3. When an event occurs, ParaSta POSTs a JSON payload to your URL with the X-ParaSta-Signature header.
  4. You verify the signature, check event.id for idempotency, then process.

Payload shape

Section titled “Payload shape”
{
  "id": "evt_abc123",
  "type": "checkout.session.completed",
  "created": "2026-05-06T10:32:01Z",
  "data": {
    "object": { /* the relevant object — Checkout Session, Payment, etc. */ }
  },
  "livemode": false
}

Best practices

Section titled “Best practices”
  • Respond 2xx within 10 seconds. ParaSta retries non-2xx responses.
  • Be idempotent. Use event.id as a dedupe key — the same event may be delivered multiple times.
  • Verify signatures. Always — never trust the payload before verification.
  • Handle out-of-order delivery. Especially payment.pending and payment.succeeded — design your state machine to accept events in any order.

See also

Section titled “See also”