Webhooks help you get notified about events that happen on PayKun.

For example, when a buyer makes a payment, PayKun can send an HTTP POST request to the merchant server. This avoids repeatedly polling PayKun servers for updates.

It is simply a communication channel between PayKun servers and merchant servers.

Webhooks allow you to build or set up integrations that subscribe to certain events on the PayKun API.

Functional use cases of webhooks are:

  • Sending customized emails to merchants at the end of every transaction.

  • Registration of a new user account on the server.

A webhook is an alternative way for PayKun to inform you about different events. It is a server-to-server calling mechanism, so you have to implement the logic for how you want to handle each event in your system, and you have to provide a Callback URL where PayKun will send the event data.

Your Callback URL should handle POST requests and return HTTP 200 on successful processing of the request. For any other status, PayKun will try calling the URL again 3 times, after some time intervals.

Note: In very rare cases you might receive the same event twice. In that case, handle the request in a way that avoids duplicate processing.

In the callback request, you will get the following data:

{
	"transaction": {
		"payment_id": "55873-83139-75447-76995",
		"merchant_email": "merchantemail@test.com",
		"merchant_id": "123456789012345",
		"status": "Success",
		"status_flag": 0,
		"payment_mode": "WALLET",
		"order": {
			"order_id": "DEMO_ORD1560424646862",
			"product_name": "Test Checkout",
			"gross_amount": 11,
			"gateway_fee": 0.22,
			"tax": 0.04
		},
		"customer": {
			"name": "Customer Name",
			"email_id": "customeremail@gmail.com",
			"mobile_no": "1234567890"
		},
		"shipping": {
			"address": null,
			"city": null,
			"state": null,
			"country": null,
			"pincode": null
		},
		"billing": {
			"address": null,
			"city": null,
			"state": null,
			"country": null,
			"pincode": null
		},
		"custom_field_1": null,
		"custom_field_2": null,
		"custom_field_3": null,
		"custom_field_4": null,
		"custom_field_5": null,
		"date": "1581769083",
		"signature": "e08bf1fcaf01d5fa4198de47d08a0158a9526b9e341e8a53bb8d3373b9268861f0bc0c363e60371e0f723558296f23ec43de8aceafd833498d2cf94bf8032b64"
	}
}

Note: The request data is posted as a raw JSON body. In core PHP you can read it using [$data = json_decode(file_get_contents('php://input'), true);]

Here, status will be Success if the transaction is successful; otherwise it will show another status such as Failed or Not Attempted.

status_flag will be 1 (true) for successful transactions and 0 (false) for all other statuses.

We provide the signature. You should always calculate the signature and compare it at your end before processing the request any further. If the signatures do not match, discard the request for security reasons. The signature is generated using the API Secret.

You can use the function below to compare the signature in PHP:

function compareSignature($transactionData, $receivedSignature, $apiSecret) {
	$dataString = '';
	// Unset signature from data
	unset($transactionData['signature']);
	// Join every value (one level of nesting) with '|'
	foreach ($transactionData as $key => $value) {
		if (is_array($value)) {
			foreach ($value as $_key => $_value) {
				$dataString .= $_value;
				$dataString .= '|';
			}
		} else {
			$dataString .= $value;
			$dataString .= '|';
		}
	}
	$dataString .= '#';
	// Creating signature
	$signature = hash_hmac('sha512', $dataString, $apiSecret);
	// Constant-time comparison; the computed value goes first
	if (is_string($receivedSignature) && hash_equals($signature, $receivedSignature)) {
		// Signature match
		return true;
	}
	// Signature mismatch
	return false;
}
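The callback rules above (verify the signature, process each event only once, answer 200 only on success) combined in one PHP handler. This is an added example, not PayKun's own code: the `paykun_events` table, the `(payment_id, status)` deduplication key, the 400/500 status choices, the secret and the sample payload are assumptions, and it needs the pdo_sqlite extension.

```php
<?php
// Added example, not PayKun's code. Table name, secret and payload are constructed.
// Signature string built the way compareSignature() on this page builds it.
function paykunSignature(array $txn, string $apiSecret): string {
    unset($txn['signature']);
    $s = '';
    foreach ($txn as $value) {
        foreach (is_array($value) ? $value : [$value] as $v) {
            $s .= $v . '|';
        }
    }
    return hash_hmac('sha512', $s . '#', $apiSecret);
}

// Returns the HTTP status the Callback URL should answer with.
function handleWebhook(string $rawBody, string $apiSecret, PDO $db, callable $process): int {
    $data = json_decode($rawBody, true);
    $txn = is_array($data) && is_array($data['transaction'] ?? null) ? $data['transaction'] : [];
    foreach (['payment_id', 'status', 'signature'] as $k) {
        if (!is_string($txn[$k] ?? null)) return 400; // malformed body
    }
    if (!hash_equals(paykunSignature($txn, $apiSecret), $txn['signature'])) {
        return 400; // discard: not signed with our API Secret
    }
    $db->beginTransaction();
    try {
        // The primary key turns a repeated delivery into an ignored insert.
        $ins = $db->prepare('INSERT OR IGNORE INTO paykun_events VALUES (?, ?)');
        $ins->execute([$txn['payment_id'], $txn['status']]);
        if ($ins->rowCount() === 1) {
            $process($txn); // first delivery only
        }
        $db->commit();
    } catch (Throwable $e) {
        $db->rollBack(); // forget the event so the retry is processed
        return 500; // non-200, so PayKun calls the URL again
    }
    return 200;
}

// Constructed demo: in-memory SQLite, made-up secret, payload signed locally.
$db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$db->exec('CREATE TABLE paykun_events (payment_id TEXT, status TEXT, PRIMARY KEY (payment_id, status))');
$txn = ['payment_id' => '55873-83139-75447-76995', 'status' => 'Success', 'order' => ['gross_amount' => 11]];
$txn['signature'] = paykunSignature($txn, 'constructed-secret');
$body = json_encode(['transaction' => $txn]);
$forged = str_replace('"gross_amount":11', '"gross_amount":1', $body); // amount changed after signing
$log = function (array $t) { echo "processing {$t['payment_id']}\n"; };
foreach ([$body, $body, $forged] as $raw) echo handleWebhook($raw, 'constructed-secret', $db, $log), "\n";
```

In a deployed endpoint the call becomes `http_response_code(handleWebhook(file_get_contents('php://input'), $apiSecret, $db, $process));` with a persistent database in place of the in-memory one.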
