Notification webhooks

Endpoint requirements

What a notification endpoint must satisfy to receive webhooks.

A notification endpoint is a URL you register to receive webhooks. Before Tekmerion will deliver to it, the endpoint MUST meet the requirements below. These are properties of the destination itself — separate from how you authenticate a delivery once it arrives (see Signature verification).

The endpoint MUST be a public HTTPS URL

  • The URL MUST use https. Plaintext http is rejected; notifications carry payment-related data and are always sent over TLS.
  • The host MUST be publicly resolvable and reachable from the internet. An endpoint that only resolves inside your own network cannot receive deliveries.
  • The TLS certificate MUST be valid for the host and chain to a public certificate authority. Tekmerion verifies the certificate on every delivery and will not send to an endpoint it cannot establish a trusted TLS connection with.
  • The URL MUST NOT embed credentials (https://user:pass@…). Authenticate the delivery by verifying its signature, not by a secret baked into the URL.
If your receiver runs behind a private network or a local tunnel, expose it through a public HTTPS hostname before registering it. An endpoint Tekmerion cannot reach from the public internet will only ever record failed deliveries.

Redirects are not followed

Tekmerion delivers to exactly the URL you registered. A redirect response (3xx with a Location) is not followed — it is treated as a non-success delivery and the notification is retried later, against the original URL.

  • Register the final URL you want to receive on. Do not rely on a redirect to forward deliveries to it.
  • A 3xx is not an acknowledgement. Only a success response acknowledges receipt — see Delivery semantics.

Respond before the timeout

Each delivery attempt is bounded by a timeout. If your endpoint has not sent its response headers within that window, Tekmerion abandons the attempt, records it as failed, and retries the notification as a new send of the same record.

  • Acknowledge fast. Accept the request, deduplicate by delivery_record_id, and do any slow downstream work asynchronously — do not hold the connection open while you process.
  • A timed-out attempt is a delivery-plane outcome, never payment truth. A notification that timed out is retried; it does not mean the payment did not occur. Reconcile canonical state through the API and the signed Proof-of-Payment artifact.

Checklist

  • Serve a public https:// URL with a valid, publicly trusted TLS certificate.
  • Do not put credentials in the URL.
  • Return your response on the registered URL itself — redirects are not followed.
  • Acknowledge within the timeout; process asynchronously.
  • Verify the signature before acting on a delivery — see Signature verification.

Endpoint health and suspension

Auto-suspension, SUSPENDED behaviour, and reactivation.

Event catalog

The notification event types and their payload classes.

On this page

The endpoint MUST be a public HTTPS URLRedirects are not followedRespond before the timeoutChecklist