curl --request POST \
  --url https://aarwcjjzhlmkgdwrisyt.supabase.co/functions/v1/webhook-paystack \
  --header 'Content-Type: application/json' \
  --data '
{
  "event": "charge.success",
  "data": {
    "amount": 50806250,
    "channel": "dedicated_nuban",
    "reference": "paystack_ref_abc123",
    "customer": {
      "email": "user@escrow.internal"
    },
    "metadata": {
      "user_id": "c3d4e5f6-a7b8-9012-cdef-123456789012",
      "escrow_id": "d4e5f6a7-b8c9-0123-defa-234567890123",
      "transaction_id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890",
      "purpose": "escrow_charge"
    }
  }
}
'

{
  "received": true
}

Webhooks

Paystack webhook receiver

Receives and processes inbound webhook events from Paystack. This endpoint is not called by your app — it is called by Paystack’s servers.

Security: Every request is verified using HMAC-SHA512 against the x-paystack-signature header. Requests with an invalid or missing signature return 401 immediately.

Handled events:

Event	Channel	Action
`charge.success`	`dedicated_nuban`	Credit wallet. If `metadata.purpose = escrow_charge` and amount ≥ pending tx → lock escrow, activate, send invite. If amount < pending tx → credit wallet only, notify user of shortfall via WhatsApp.
`charge.success`	`card`	Safety net only — card charges are synchronous so this is treated as idempotent.
`transfer.success`	—	Mark `escrow_release` transaction as succeeded, update escrow → `released`.
`transfer.failed` / `transfer.reversed`	—	Mark transaction as failed. Escrow status unchanged — requires support intervention.

Always returns 200 for valid signatures, even if internal processing fails. This prevents Paystack from retrying and causing duplicate wallet credits or escrow activations. Errors are logged server-side.

Configure in Paystack dashboard: Dashboard → Settings → API Keys & Webhooks → Webhook URL Set to: {your_supabase_url}/functions/v1/webhook-paystack

POST

webhook-paystack

curl --request POST \
  --url https://aarwcjjzhlmkgdwrisyt.supabase.co/functions/v1/webhook-paystack \
  --header 'Content-Type: application/json' \
  --data '
{
  "event": "charge.success",
  "data": {
    "amount": 50806250,
    "channel": "dedicated_nuban",
    "reference": "paystack_ref_abc123",
    "customer": {
      "email": "user@escrow.internal"
    },
    "metadata": {
      "user_id": "c3d4e5f6-a7b8-9012-cdef-123456789012",
      "escrow_id": "d4e5f6a7-b8c9-0123-defa-234567890123",
      "transaction_id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890",
      "purpose": "escrow_charge"
    }
  }
}
'

{
  "received": true
}

Body

application/json

event

string

required

Paystack event type. Handled values: charge.success, transfer.success, transfer.failed, transfer.reversed.

Example:

"charge.success"

data

object

required

Event payload — shape varies by event type.

Show child attributes

Response

Event received and acknowledged

received

boolean

Example:

true

Unregister a push notification token Get own profile

⌘I

Auth

Escrow

KYC

Disputes

Payouts

Messages

Notifications

Webhooks

Profile

Contacts

Wallet

Cards

Reviews

Transactions

Milestones

Reference Data

Admin: Escrow

Paystack webhook receiver

Body

Response