API Reference

Webhook Endpoints

A webhook endpoint is a URL on your server that LuniPay calls when events happen. Register one per environment, store the signing secret, and verify every request.

Webhook endpoints are scoped per livemode — a test-mode endpoint never receives live events, and vice versa. LuniPay signs every delivery with HMAC-SHA256 over `timestamp.payload` and sends it as `LuniPay-Signature: t=...,v1=...`. Failed deliveries retry with exponential backoff over ~10.5 hours.

The webhook_endpoint object

idstring

Unique identifier, prefixed with `we_`.

objectstring

Always `"webhook_endpoint"`.

livemodeboolean

Whether this endpoint receives test or live events.

urlstring

Your HTTPS URL that receives POST deliveries.

descriptionstringnullable

Internal label for the dashboard.

enabled_eventsarray

List of event types this endpoint subscribes to. Use `["*"]` to receive everything.

is_activeboolean

Pause deliveries without deleting the endpoint.

signing_secretstring

The `whsec_…` secret used to verify request signatures. **Only returned once — on create.** Store it immediately.

createdinteger

Creation timestamp (unix).

updatedinteger

Last-updated timestamp (unix).

{
  "id": "we_01JRZKC5PRGHKV82AW7XNMFD9H",
  "object": "webhook_endpoint",
  "livemode": false,
  "url": "https://example.com/webhooks/lunipay",
  "description": "Production webhook receiver",
  "enabled_events": [
    "checkout.session.completed",
    "payment.succeeded",
    "payment.failed"
  ],
  "is_active": true,
  "signing_secret": "whsec_shown_once_on_create_only",
  "created": 1713100800,
  "updated": 1713100800
}