Skip to content
Last updated

Webhooks

Webhooks are HTTP messages that one application automatically sends to another when specific events occur. The Trustap API sends webhooks for events such as receiving a payment for a transaction or delivering a parcel. Use webhooks in your application to learn about the status of a transaction and start your own processes without polling the Trustap API.

Along with webhooks, the Trustap API also sends emails to users during the life of the transaction. Review the email guide for more information.

Webhook setup

Webhook configuration

You can create, edit, and delete your webhook configuration in your Trustap Dashboard.

Webhooks are only visible for admin users.

Click Create Webhook and enter the following details.

  • URL. This is the URL where the Trustap API sends all webhook events. Your endpoint must use a secure https URL.
  • Username and Password. Trustap includes your username and password in your webhook request for authentication.
Trustap Dashboard showing webhooks section

Webhook security

Trustap includes a standard HTTP Basic Authentication header in each webhook request. Set these credentials when creating your webhook configuration in the Trustap Dashboard, and configure your webhook handler to validate them on every incoming request to verify it genuinely originates from Trustap.

Webhook listener

To receive webhook events from Trustap, create a webhook handler for your application. Webhook handlers listen for and process incoming HTTP requests sent by a third-party service including a webhook event.

Trustap sends all webhook events associated with your account to this URL as POST requests, so your firewall rules and endpoint handlers should be set up to handle these.

If multiple clients are being set up, we recommend that each should use a distinct webhook endpoint, especially across environments. A simple way of achieving this is creating a unique endpoint path for each client.

Reliability & Sync Fallbacks

The Trustap API does not automatically retry failed webhook deliveries if your server is offline or returns an error status code. Because network drops or temporary server maintenance can cause your application to miss a webhook event, you should implement a fallback synchronization strategy.

  1. Implement a daily cron job or background worker that queries our Get Transaction Endpoint for any active or pending transactions in your database.
  2. Before displaying transaction statuses to your users or completing an internal order, execute a live GET request to verify the state on Trustap's servers matches your local database.

Webhook event codes

The Trustap API supports the following event codes.

CodeDescription
tx.cancelledThe transaction was cancelled before payment was completed. No funds moved.
tx.claimedA guest buyer or seller registered a full Trustap account and claimed (linked) an existing guest transaction to it.
tx.payment_failedThe buyer's payment attempt failed (for example, card declined or bank transfer rejected).
tx.paidThe buyer successfully completed payment and funds are held by Trustap.
tx.payment_review_flaggedThe payment was internally flagged for risk/fraud review before being accepted or failed.
tx.payment_acceptedThe seller accepted a pending payment request, allowing the transaction to proceed.
tx.handover_confirmedEither the buyer or seller confirmed handover of goods in a face-to-face transaction. Fired once per party.
tx.complainedThe buyer filed a complaint during the complaints period. Fund release is paused pending resolution.
tx.funds_releasedFunds were released to the seller, either after the complaints period ended or after arbitration.
tx.funds_refundedThe transaction was refunded in full. Triggered by an admin issuing a full refund or the seller accepting a buyer's complaint.
tx.refund_issuedA partial refund was issued on the transaction. The remaining balance stays open. Can only be triggered internally by a Trustap admin.
tx.trackedThe seller submitted shipment tracking details for the transaction.
tx.deliveredDelivery of the item was confirmed (by the buyer, or automatically via tracking), starting the complaints period.

Payload

The following is an example payload the Trustap API could pass to a webhook endpoint.

{
  "code": "tx.paid",
  "user_id": "1-0811c9c1-2a9b-4b06-ba7d-16b693f5c2b2",
  "target_id": "tx_01kq9gj63sf4pbpesq9kna5ysa",
  "target_preview": {
    "buyer": {
      "id": "1-0811c9c1-2a9b-4b06-ba7d-16b693f5c2b2",
      "is_guest": true
    },
    "client_id": "e12c9fe5-bd07-47fd-81ec-263b6aaac8d6",
    "deadlines": {
      "complaints": null
    },
    "description": "v2 Payment",
    "events": {
      "by_key": {
        "created": "2026-04-28T07:41:21Z",
        "joined": "2026-04-28T07:41:21Z",
        "paid": "2026-04-28T07:41:25Z"
      },
      "by_time": [
        {
          "at": "2026-04-28T07:41:21Z",
          "code": "created"
        },
        {
          "at": "2026-04-28T07:41:21Z",
          "code": "joined"
        },
        {
          "at": "2026-04-28T07:41:25Z",
          "by": "1-0811c9c1-2a9b-4b06-ba7d-16b693f5c2b2",
          "code": "paid"
        }
      ]
    },
    "id": "tx_01kq9gj63sf4pbpesq9kna5ysa",
    "pricing": {
      "amount": 1000,
      "amount_extra": 0,
      "currency": "eur",
      "fees": {
        "buyer": 50,
        "buyer_client": 0,
        "seller": 0,
        "seller_client": 0
      }
    },
    "seller": {
      "id": "1-e2f0d161-41c7-429d-8cee-7e524e61756f",
      "is_guest": true
    },
    "status": "paid"
  },
  "time": "2026-04-28T07:41:25.213691597Z",
  "metadata": {}
}

The following fields may be included in a webhook payload.

Field
TypeDescription
codestringA code that identifies the type of event that occurred to the target resource.
user_idstringThe ID of the user who triggered the event, if applicable. For example, if the buyer submits a payment, this field contains the buyer's user ID. If present on a transaction event, the user ID must match either the seller_id or the buyer_id of the transaction. This field is omitted if the event was triggered by an automated system, such as when funds are released after the complaint period ends.
target_idstringReturned as a string. Globally unique string identifier.
target_previewobjectAn optional object that previews the target resource. If present, it allows you to avoid making an additional API request to fetch the full resource.
timestringThe time at which the event occurred.

Testing

During testing, before you have created your own public webhook handler, it can be beneficial to use online webhook testing sites. Work with the Trustap team to temporarily configure your Trustap test environment with a <WEBHOOK_ENDPOINT> from an online webhook testing site.

While you can test your webhooks using public services, it's important to understand that you are sharing your information with these third-parties. Only use test data. Never share production data. The mention of a specific company or product name is solely for educational purposes and does not imply endorsement by Trustap.

Simulate Trustap webhook events

To test your webhook listener, use the following tool to create a sample webhooks event.

  1. Enter your Webhook listener URL, optional auth, and select your Sample payload.
  2. Copy, paste, and run the generated cURL command in your local terminal to send the sample payload to your webhook listener.
curl -X POST <your-webhook-url> \ -H "Content-Type: application/json" \ -d '{ "code": "tx.paid", "user_id": "1-0811c9c1-2a9b-4b06-ba7d-16b693f5c2b2", "target_id": "tx_01kq9gj63sf4pbpesq9kna5ysa", "target_preview": { "buyer": { "id": "1-0811c9c1-2a9b-4b06-ba7d-16b693f5c2b2", "is_guest": true }, "client_id": "e12c9fe5-bd07-47fd-81ec-263b6aaac8d6", "deadlines": { "complaints": null }, "description": "v2 Payment", "events": { "by_key": { "created": "2026-04-28T07:41:21Z", "joined": "2026-04-28T07:41:21Z", "paid": "2026-04-28T07:41:25Z" }, "by_time": [ { "at": "2026-04-28T07:41:21Z", "code": "created" }, { "at": "2026-04-28T07:41:21Z", "code": "joined" }, { "at": "2026-04-28T07:41:25Z", "by": "1-0811c9c1-2a9b-4b06-ba7d-16b693f5c2b2", "code": "paid" } ] }, "id": "tx_01kq9gj63sf4pbpesq9kna5ysa", "pricing": { "amount": 1000, "amount_extra": 0, "currency": "eur", "fees": { "buyer": 50, "buyer_client": 0, "seller": 0, "seller_client": 0 } }, "seller": { "id": "1-e2f0d161-41c7-429d-8cee-7e524e61756f", "is_guest": true }, "status": "paid" }, "time": "2026-04-28T07:41:25.213691597Z", "metadata": {} }'