Integrations
Razorpay Webhooks Guide
Razorpay webhooks send payment, order, subscription, invoice, payout, and settlement events to your systems. These callbacks often update order state, unlock paid access, notify finance systems, or trigger fulfillment, so the webhook path needs signature verification and a careful retry model.
FastHook gives Razorpay a stable source URL, verifies x-razorpay-signature against the raw body, stores accepted and rejected request evidence, and lets teams retry or replay failed payment event deliveries without manually copying payloads from logs.
Razorpay signature verification
x-razorpay-signature: HMAC-SHA256 hex signature over the exact raw request body.- Use the same webhook secret in Razorpay and in the FastHook Razorpay source.
- Verify before parsing, transforming, or forwarding the payload.
- When a secret is rotated, old provider retries can still be signed with the old secret.
Create a Razorpay source
curl -X POST "https://api.fasthook.io/v1/sources" \
-H "Authorization: Bearer $FASTHOOK_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"name": "Razorpay production",
"type": "RAZORPAY",
"config": {
"auth_type": "PROVIDER_SIGNATURE",
"auth": {
"provider": "RAZORPAY",
"webhook_signing_secret": "razorpay-webhook-secret"
},
"allowed_http_methods": ["POST", "PUT", "PATCH", "DELETE"]
}
}'payment.authorized and routing
Treat Razorpay event names as routing inputs, not as one large payment stream. A failed receiver for one event family should not block every billing or fulfillment workflow that depends on Razorpay traffic.
| Event intent | Typical owner | FastHook control |
|---|---|---|
payment.authorized | Checkout or risk workflow | Route before fulfillment side effects run. |
| Payment captured or failed | Billing and order state | Use idempotency before changing paid access. |
| Subscription or invoice changes | Lifecycle automation | Replay narrow windows after downstream fixes. |
| Payout and settlement events | Finance or reconciliation | Send to separate destinations with independent retry policy. |
Edit or delete a Razorpay webhook
In the Razorpay dashboard, webhook configuration lives under account settings. Use the provider dashboard to edit the webhook URL, subscribed events, or secret, and delete stale endpoints that still point to old receivers. Keep one FastHook source per environment so production, staging, and local tests do not share a signing secret.
Debugging checklist
- No request appears: confirm Razorpay is calling the generated FastHook Source URL.
- 401 source auth failed: compare the webhook secret and
x-razorpay-signatureheader. - Signature mismatch: confirm the raw body was not changed before FastHook received it.
- Event accepted but not processed: inspect FastHook events and destination attempts.
- Replay pressure: retry one failed payment event before replaying a larger billing window.