curl

curl -X POST "https://api.services.payward.com/v1/webhooks/whk_01J0M7C0Z9F8YX3GQH8E/test" \
  -H "API-Key: $PWS_API_KEY" \
  -H "API-Nonce: $PWS_API_NONCE" \
  -H "API-Sign: $PWS_API_SIGN" \
  -H "Idempotency-Key: 550e8400-e29b-41d4-a716-446655440000"

{
  "data": {
    "result": "success",
    "test_id": "7d3a4d22-9c10-4d31-9b43-1c0e9b1c8a55",
    "http_status": 200,
    "response_body": "{\"received\":true}",
    "error_message": null,
    "payload_sent": "{\"id\":\"evt_01J0M9P2T7K3W2BHJ7T9\",\"type\":\"webhook.test\",\"data\":{...}}",
    "signature_header": "t=1761500651,v1=1d2e3f4a5b6c7d8e9f0a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6e7f8a9b0c1d2"
  }
}

Webhooks

Test Webhook

Send a test event to verify your webhook configuration.

This endpoint sends a test event to your configured webhook URL, allowing you to verify that:

Your endpoint is reachable
Your signature verification is working correctly
Your endpoint responds appropriately

The test event will include a real HMAC signature that you can verify using your webhook secret.

Test Event Payload

The test event has the following structure:

{
 "event_type": "webhook.test",
 "message": "This is a test webhook event to verify your endpoint configuration."
}

Error Handling

Error Type	Message	When
`Webhook not found`	The webhook ID doesn’t exist or belongs to a different domain
`Webhook is disabled`	The webhook exists but is not enabled (`enabled: false`)

POST

webhooks

{webhook_id}

test

curl

curl -X POST "https://api.services.payward.com/v1/webhooks/whk_01J0M7C0Z9F8YX3GQH8E/test" \
  -H "API-Key: $PWS_API_KEY" \
  -H "API-Nonce: $PWS_API_NONCE" \
  -H "API-Sign: $PWS_API_SIGN" \
  -H "Idempotency-Key: 550e8400-e29b-41d4-a716-446655440000"

{
  "data": {
    "result": "success",
    "test_id": "7d3a4d22-9c10-4d31-9b43-1c0e9b1c8a55",
    "http_status": 200,
    "response_body": "{\"received\":true}",
    "error_message": null,
    "payload_sent": "{\"id\":\"evt_01J0M9P2T7K3W2BHJ7T9\",\"type\":\"webhook.test\",\"data\":{...}}",
    "signature_header": "t=1761500651,v1=1d2e3f4a5b6c7d8e9f0a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6e7f8a9b0c1d2"
  }
}

Authorizations

API-Key

string

header

required

Your public API key. Identifies the partner making the request.

API-Nonce

string

header

required

Monotonically increasing nonce included in the request signature.

API-Sign

string

header

required

HMAC signature over the request, computed with your private key.

Headers

Idempotency-Key

string<uuid>

Client-generated UUIDv4 for safe retries. Sent as the Idempotency-Key HTTP header. Replayed responses include the Idempotent-Replayed: true header.

Pattern: ^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-4[0-9a-fA-F]{3}-[89abAB][0-9a-fA-F]{3}-[0-9a-fA-F]{12}$

Example:

"550e8400-e29b-41d4-a716-446655440000"

Path Parameters

webhook_id

string

required

Unique identifier for the webhook

Example:

"WHTEST-XXXXX-EXAMPLE"

Response

Test webhook sent (check result for delivery status)

data

object

required

Show child attributes

Update Webhook

⌘I