Set Up Webhooks
Learn how to configure webhook endpoints and handle real-time event notifications. Webhooks allow your application to react to events as they happen in the Hyperscale platform.
How Webhooks Work
Hyperscale sends HTTP POST requests to your endpoint when events occur.
Real-time
Events delivered within seconds of occurring
Reliable
Automatic retries with exponential backoff
Secure
HMAC signatures for payload verification
Register a Webhook
Create a webhook endpoint and specify which events you want to receive.
1import { Hyperscale } from '@hyperscale/sdk';23const hyperscale = new Hyperscale({4 apiKey: process.env.HYPERSCALE_API_KEY,5});67// Register a webhook endpoint8const webhook = await hyperscale.webhooks.create({9 url: 'https://api.yourapp.com/webhooks/hyperscale',10 events: [11 'payment.completed',12 'payment.failed',13 'card.issued',14 'account.updated',15 ],16 secret: process.env.WEBHOOK_SECRET,17});1819console.log('Webhook ID:', webhook.id);20console.log('Signing key:', webhook.signingKey);Event Types
Subscribe to specific events relevant to your integration.
Payments
payment.initiatedPayment has been createdpayment.completedPayment successfully deliveredpayment.failedPayment failed to processpayment.cancelledPayment was cancelledCards
card.issuedNew card was issuedcard.activatedCard is ready for usecard.frozenCard was temporarily frozencard.blockedCard was permanently blockedAccounts
account.createdNew account openedaccount.updatedAccount details changedaccount.closedAccount was closedbalance.updatedAccount balance changedVerify Signatures
Always verify the webhook signature to ensure requests come from Hyperscale.
1import crypto from 'crypto';23function verifyWebhookSignature(4 payload: string,5 signature: string,6 secret: string7): boolean {8 const timestamp = signature.split(',')[0].split('=')[1];9 const sig = signature.split(',')[1].split('=')[1];1011 const signedPayload = timestamp + '.' + payload;12 const expectedSig = crypto13 .createHmac('sha256', secret)14 .update(signedPayload)15 .digest('hex');1617 return crypto.timingSafeEqual(18 Buffer.from(sig),19 Buffer.from(expectedSig)20 );21}Security: Never skip signature verification. Attackers could send fake webhooks to your endpoint.
Handle Events
Process webhook events in your application. Always return a 2xx response quickly.
1import express from 'express';23const app = express();45app.post('/webhooks/hyperscale', express.raw({ type: 'application/json' }), (req, res) => {6 const signature = req.headers['x-hyperscale-signature'] as string;7 const payload = req.body.toString();89 // Verify signature10 if (!verifyWebhookSignature(payload, signature, process.env.WEBHOOK_SECRET!)) {11 return res.status(401).send('Invalid signature');12 }1314 const event = JSON.parse(payload);1516 switch (event.type) {17 case 'payment.completed':18 console.log('Payment completed:', event.data.id);19 // Update your database, notify user, etc.20 break;2122 case 'payment.failed':23 console.log('Payment failed:', event.data.id);24 // Handle failure, retry logic, etc.25 break;2627 case 'card.issued':28 console.log('Card issued:', event.data.id);29 // Notify user, update UI, etc.30 break;3132 default:33 console.log('Unhandled event:', event.type);34 }3536 res.status(200).send('OK');37});Retry Policy
If your endpoint fails to respond, we retry with exponential backoff.
| Attempt | Delay | Note |
|---|---|---|
| 1st | Immediate | Sent instantly |
| 2nd | 5 minutes | If first fails |
| 3rd | 30 minutes | Exponential backoff |
| 4th | 2 hours | Extended retry |
| 5th | 24 hours | Final attempt |
Best Practices
- Return 2xx within 5 seconds, process async if needed
- Handle duplicate events (use idempotency keys)
- Store events before processing for recovery
- Monitor webhook failures and set up alerts
- Use a queue for high-volume event processing