Skip to main content
Use this endpoint to retrieve the webhook configurations registered on your Kulmi Pay account. Each webhook endpoint subscribes to one or more event types. When a matching event occurs, Kulmi Pay sends an HTTP POST request to your endpoint containing the event payload. Method: GET
URL: https://app.kulmipay.com/api/v1/webhooks/ Webhook endpoints must use HTTPS. Endpoints that cannot be reached or return non-2xx responses repeatedly will be automatically disabled after reaching the failure threshold.

Code example

cURL
curl --request GET \
  --url https://app.kulmipay.com/api/v1/webhooks/ \
  --header "Authorization: Bearer YOUR_SECRET_KEY"

Webhook object

id
string
Unique identifier for this webhook configuration.
endpoint
string
The HTTPS URL where Kulmi Pay sends event payloads. Must include a valid, verifiable TLS certificate.
is_active
boolean
Whether this webhook is currently active. Kulmi Pay sets this to false automatically when the endpoint reaches the failure threshold.
collection_event
boolean
When true, this webhook receives notifications whenever a collection invoice changes state (for example, when a payment completes or fails).
send_money_event
boolean
When true, this webhook receives notifications for disbursement (send money) state changes.
reversal_event
boolean
When true, this webhook receives notifications when a chargeback or reversal is processed on your account.
wallet_transfer_event
boolean
When true, this webhook receives notifications when an intra-wallet transfer is completed.
subscription_event
boolean
When true, this webhook receives notifications when a subscription status or billing cycle changes.
failures_count
number
The number of consecutive delivery failures for this endpoint. Kulmi Pay will warn you by email when this reaches 50% of the failure threshold, and disable the endpoint at 100%.
created_at
string
ISO 8601 timestamp of when this webhook was registered.
updated_at
string
ISO 8601 timestamp of the last configuration update.

Example response

{
  "count": 1,
  "results": [
    {
      "id": "3f2504e0-4f89-11d3-9a0c-0305e82c3301",
      "endpoint": "https://yourapp.example.com/webhooks/kulmipay",
      "is_active": true,
      "collection_event": true,
      "send_money_event": true,
      "reversal_event": false,
      "wallet_transfer_event": false,
      "subscription_event": true,
      "failures_count": 0,
      "created_at": "2024-03-01T12:00:00Z",
      "updated_at": "2024-04-10T09:30:00Z"
    }
  ]
}
The challenge secret used to verify incoming webhook payloads is not returned by this endpoint. Store your challenge secret securely at the time you register the webhook. Use it to validate the X-Kulmi Pay-Signature header on incoming requests.

Verifying webhook payloads

Kulmi Pay signs every outgoing webhook request. Verify the signature before processing any event to confirm the payload originated from Kulmi Pay and has not been tampered with. Use your challenge secret to compute an HMAC-SHA256 signature of the raw request body and compare it against the value in the X-Kulmi Pay-Signature header.