payment_intent.created, charge.succeeded, charge.failed, etc.) are sent to your callback_url. The process for handling these events is almost identical, except for the authentication method (see below). For more details on event types and recommended handling, refer to the Webhooks documentation.
1. Creating a Payment Intent with a Callback URL
When creating a payment intent, you can include an optionalcallback_url parameter to specify where you want Modem Pay to send event notifications related to this payment.
2. How the Callback URL Works
- If
callback_urlis provided in the payment intent, Modem Pay sends event notifications (e.g.,charge.succeeded,charge.failed) to this URL instead of your global webhook URL. - If no
callback_urlis set, events are sent to your global webhook as usual. - This allows for more granular control and flexibility, especially useful for marketplaces or third-party integrations where different payments require different handling.
3. Security and Validation
- All requests sent to the
callback_urlinclude anx-modem-signatureheader containing a signature that is signed with your merchant secret key for authentication.
For complete webhook validation examples in other programming languages (Python, Go, etc.), please refer to our Webhooks documentation. When validating callback URL events, use your merchant secret key instead of the webhook signing key.
- This differs from the global webhook which uses a separate signing key and payload signatures for verification.
-
To secure your endpoint:
- Verify that incoming requests include a valid signature in the
x-modem-signatureheader. - Ensure your callback URL uses HTTPS to encrypt data in transit.
- Implement proper timeout and retry logic, as Modem Pay will retry failed callback attempts up to 3 times with exponential backoff.
- Verify that incoming requests include a valid signature in the