More events available

You may fire a webhook for any event from this list.

Instead of polling data from Voucherify endpoints, you can use webhooks to get notified when:

Redemption webook

The webhook can be configured in the Project Settings view, in the Webhooks section.

The quickest way to test a webhook is to use a tool like Request Bin. Request Bin lets you create a webhooks URL and send data to it to see how it's recognized in a human-readable form. Go to requestbin.com, click Create a RequestBin, then copy the URL it gives you and paste it as your endpoint URL for testing.

Voucherify makes it possible to define multiple redemption webhooks. To add one, you should press the :heavy-plus-sign: button and start off by providing a target URL. Then, you can configure when the URL should be called.

There are two options:

  • Call a webhook for every redemption.
  • Call a webhook when one or many of the following redemption statuses occurred: redemption succeeded, redemption failed, redemption rollback succeeded, redemption rollback failed.

When all the webhook features are set, confirm it with CREATE ENDPOINT.

From now on when Voucherify calls your endpoint, it provides redemption information in the payload.

Referral reward webhook

The webhooks are also an integral part of referral programs. The endpoints are defined while defining a referral program and they are invoked when the referrer becomes eligible to receive a reward. The configuration is described in this tutorial.

Responding to a webhook

Voucherify expects your webhooks to return a response with a 2XX HTTP status code, indicating that the webhook has been received successfully. If a webhook is not successfully received, Voucherify will continue trying to send the webhook once an hour for up to 3 days.


Once your server is configured to receive payloads, it'll listen for any payload sent to the endpoint you configured. For security reasons, you probably want to limit requests to those coming from Voucherify. To do so, you should set up a secret token and validate the information.

You can generate a secret key in the Project Settings:

You can find the token in X-Voucherify-Signature field.

Then, you can validate the signature in your application. To see an example, go to verifySignature method in the NodeJS SDK.

const crypto = require('crypto') 

verifySignature: function (signature, message, secretKey) {
  return crypto.createHmac('sha256', secretKey)
    .update(isString(message) && message || JSON.stringify(message))
    .digest('hex') === signature

IP Whitelisting

When Voucherify sends a webhook, the Voucherify servers make network requests to our tenants’ or third parties’ servers.

For adding an additional layer of security, you can do IP whitelisting. That mechanism will verify that webhooks requests are coming from Voucherify.

Voucherify sends webhooks from the IP ranges below.






Did this page help you?