Payment Webhooks — reliability, retries, signing, idempotency

Problem

Webhooks are the backbone of payment notifications. They must deliver despite provider hiccups and network issues.

Principles

• Signature verification per provider
• Idempotency keys to avoid duplicate effects
• Exponential backoff with max retry windows
• Auditable payload storage and replay

Implementation Outline

1. Verify signatures using provider‑specific secrets
2. Record payload and status, include idempotency key
3. Retry with backoff until success or timeout
4. Expose replay endpoint for ops