Skip to main content
Webhooks are notifications about API events, sent as they occur. The Marqeta platform sends these notifications to an endpoint that is hosted in your environment and configured to receive and process them. Create a webhook object to represent your webhook endpoint. Configure it with the URL of your webhook endpoint and a set of credentials for accessing that endpoint. You can configure it to send notifications for a single event, a group of events by type, or all event types. To set up multiple webhook endpoints and route different types of event notifications to each, create multiple webhook objects and configure each to send a specific type of event notification to a specific endpoint. See About Webhooks for information on notifications and a tutorial that walks you through the configuration of your webhook endpoint. See Event Types for reference documentation on the types of events that the Marqeta platform supports.
Note
Webhooks URLs are cached. Changes made on your webhook endpoint can take up to one hour to be applied.

Create webhook

Action: POST
Endpoint: /webhooks
Creates a webhook.
Note
As shown in the example, config.secret, config.basic_auth_username, and config.basic_auth_password are masked in responses to this and all other requests. To access these values later, store them securely before making the request.

Request body

Sample request body

JSON

Response body

Sample response body

JSON

List webhooks

Action: GET
Endpoint: /webhooks
Returns an array of all webhooks. This endpoint supports field filtering, sorting, and pagination.
Note
As shown in the example, config.secret, config.basic_auth_username, and config.basic_auth_password are masked in responses to this and all other requests. To ensure that you can access these values as needed, update them on your endpoint, store them securely, and then update the webhook subscription.

URL query parameters

Response body

Sample response body

JSON

Update webhook custom headers

Action: PUT
Endpoint: /webhooks/customheaders/{token}
Adds or updates a webhook’s custom HTTP headers.

URL path parameters

Request body

Sample request body

JSON

Response body

Sample response body

JSON

Retrieve webhook

Action: GET
Endpoint: /webhooks/{token}
Retrieves a webhook.
Note
As shown in the example, config.secret, config.basic_auth_username, and config.basic_auth_password are masked in responses to this and all other requests. To ensure that you can access these values as needed, update them on your endpoint, store them securely, and then update the webhook subscription.

URL path parameters

Response body

Update webhook

Action: PUT
Endpoint: /webhooks/{token}
Updates a webhook. You can also use this endpoint to disable webhooks you no longer want to receive—there is no DELETE method available to remove unneeded webhooks. To disable a webhook, use this endpoint to set its active field to false.
Note
As shown in the example, config.secret, config.basic_auth_username, and config.basic_auth_password are masked in responses to this and all other requests. To access these values later, store them securely before making the request. When modifying authentication credentials, update the endpoint configuration before updating your webhook subscription to avoid missing any important event notifications.
For instructions on managing your webhooks via the Developer Dashboard, see the Developer Tools guide.

URL path parameters

Request body

Response body

Ping webhook

Action: POST
Endpoint: /webhooks/{token}/ping
Pings your webhook endpoint. Send a ping request to your webhook endpoint to validate credentials and connectivity. Your webhook endpoint must be configured to respond.

Configuring your webhook endpoint

When the Marqeta platform receives the ping request, it sends a POST request containing the following body to the URL of your webhook endpoint:
JSON
To indicate that it is functioning properly, your webhook endpoint must respond with a status code of 200 (see Signature Verification for a code example that identifies a ping request). The response can optionally include a JSON-formatted body, for example:
JSON
The Marqeta platform then responds to its requestor by echoing, as-is, the response code and body received from your webhook endpoint.

Using the ping facility

To ping a webhook endpoint, send a POST request to /webhooks/{token}/ping and use the token path parameter to specify which webhook you want to reach. Include an empty, JSON-formatted body in the request, that is:
JSON
The following chain of actions occurs during the successful execution of a ping operation:
1
The Marqeta platform receives the ping request (POST to /webhooks/{token}/ping).
2
The Marqeta platform sends a request to your webhook endpoint.
3
Your webhook endpoint responds with a status code of “200” and an optional body.
4
The Marqeta platform responds to its requestor by echoing, as-is, the response code and body it received from your webhook endpoint.
Note
If the customer-hosted endpoint fails to respond within five seconds, the Marqeta platform times out the request and responds with the following message body (where <optional message> represents additional details you can choose to include in the response):
JSON
Failed pings are not automatically retried.

URL path parameters

Response body

Sample response body

JSON

Resend event notification

Action: POST
Endpoint: /webhooks/{token}/{event_type}/{event_token}
Resends an event notification to your webhook endpoint. Although you send this request as a POST, all parameters are passed in the URL and the body is empty. The event notification is resent to your webhook endpoint and is also returned in the response to this request.

URL path parameters