Cashfree Payments Developer Documentation

Webhooks are event-based notifications that are received when a specific event related to the account aggregator occurs.

Add webhooks

Add your webhook URL in our system for us to deliver webhook events. Follow the instructions below to configure the webhook URL. Ensure to provide the publicly accessible HTTPS URL to your webhook endpoint.

Log in to the Merchant Dashboard and click Developers.
Click Webhooks listed under the Secure ID card.
Click Add Webhook URL in the Webhook screen.
In the Add Webhook popup, fill in the following information:

Webhook URL: Enter the URL in this field.

Click Test & Add Webhook.

The following events are triggered at different stages of the account aggregator consent process:

Event	Description
AA_CONSENT_VERIFICATION_SUCCESS	Consent is approved.
AA_CONSENT_VERIFICATION_PAUSED	Consent is paused.
AA_CONSENT_VERIFICATION_REVOKED	Consent is revoked.
AA_CONSENT_VERIFICATION_REJECTED	Consent is rejected.
AA_CONSENT_VERIFICATION_EXPIRED	Consent has expired.

AA_CONSENT_VERIFICATION_SUCCESS

{
    "event_type": "AA_CONSENT_VERIFICATION_SUCCESS",
    "event_time": "2024-02-15 16:53:15",
    "version": "v1",
    "data": {
    "status": "SUCCESS",
    "consent_verification_id": "a12bc34def56789"
    }
}

AA_CONSENT_VERIFICATION_PAUSED

{
    "event_type": "AA_CONSENT_VERIFICATION_PAUSED",
    "event_time": "2024-02-15 16:53:15",
    "version": "v1",
    "data": {
    "status": "PAUSED",
    "consent_verification_id": "a12bc34def56789"
    }
}

AA_CONSENT_VERIFICATION_REVOKED

{
    "event_type": "AA_CONSENT_VERIFICATION_REVOKED",
    "event_time": "2024-02-15 16:53:15",
    "version": "v1",
    "data": {
    "status": "REVOKED",
    "consent_verification_id": "a12bc34def56789"
   }
}

AA_CONSENT_VERIFICATION_REJECTED

{
    "event_type": "AA_CONSENT_VERIFICATION_REJECTED",
    "event_time": "2024-02-15 16:53:15",
    "version": "v1",
    "data": {
    "status": "REJECTED",
    "consent_verification_id": "a12bc34def56789"
    }
}

AA_CONSENT_VERIFICATION_EXPIRED

{
    "event_type": "AA_CONSENT_VERIFICATION_EXPIRED",
    "event_time": "2024-02-15 16:53:15",
    "version": "v1",
    "data": {
    "status": "EXPIRED",
    "consent_verification_id": "a12bc34def56789"
    }
}

FI webhook event

The following events are triggered at different stages of the account aggregator financial information process:

Event	Description
AA_FI_VERIFICATION_SUCCESS	Financial information verification is successful.
AA_FI_VERIFICATION_ACTIVE	Financial information consent is active.
AA_FI_VERIFICATION_FAILED	Financial information verification has failed.
AA_FI_VERIFICATION_EXPIRED	Financial information verification has expired.

AA_FI_VERIFICATION_ACTIVE

{
    "event_type": "AA_FI_VERIFICATION_ACTIVE",
    "event_time": "2024-02-15 16:53:15",
    "version": "v1",
    "data": {
    "status": "ACTIVE",
    "fi_verification_id": "v1234567890abcdef",
    "fi_status_response": [
            {
                "fip_id": "FIP_1",
                "accounts": [
                    {
                        "link_ref_number": "b2328fa7-0dcd-2314-asb5-9ef7b4c1cz6b",
                        "fi_status": "READY"
                    },
                    {
                        "link_ref_number": "a2328fa7-0dcd-2314-asb5-9ef7b4c1cz6b",
                        "fi_status": "TIMEOUT"
                    }
                ]
            },
            {
                "fip_id": "FIP_2",
                "accounts": [
                    {
                        "link_ref_number": "c2328fa7-0dcd-2314-asb5-9ef7b4c1cz6b",
                        "fi_status": "READY"
                    }
                ]
            }
        ]
    }
}

AA_FI_VERIFICATION_SUCCESS

{
    "event_type": "AA_FI_VERIFICATION_SUCCESS",
    "event_time": "2024-02-15 16:53:15",
    "version": "v1",
    "data": {
    "status": "SUCCESS",
    "fi_verification_id": "v1234567890abcdef"
    }
}

AA_FI_VERIFICATION_FAILED

{
    "event_type": "AA_FI_VERIFICATION_FAILED",
    "event_time": "2024-02-15 16:53:15",
    "version": "v1",
    "data": {
    "status": "FAILED",
    "fi_verification_id": "v1234567890abcdef"
    }
}

AA_FI_VERIFICATION_EXPIRED

{
    "event_type": "AA_FI_VERIFICATION_EXPIRED",
    "event_time": "2024-02-15 16:53:15",
    "version": "v1",
    "data": {
    "status": "EXPIRED",
    "fi_verification_id": "v1234567890abcdef"
    }
}

Webhook signature

You will receive the webhook signature in the webhook header. Here is a sample header from a webhook request.

Header Name	Header Value
content-length	1099
x-webhook-attempt	1
content-type	application/json
x-webhook-signature	07r5C3VMwsGYeldGOCYxe5zoHhIN1zLfa8O0U/yngHI=
x-webhook-timestamp	1746427759733

Always capture the webhook payload in its raw text format before parsing into JSON. Parsing and re-serialising the payload can change the structure (for example, array ordering, spacing, or null handling) and cause a signature mismatch during verification. Use the exact raw body string from the request when computing the signature.

Webhook payload fields

The webhook payload contains important metadata in its top-level fields.

Field	Type	Description
`event_type`	`string`	Indicates the type of event that triggered the webhook.
`event_time`	`string`	The UTC timestamp of when the event occurred, formatted in ISO 8601 (`YYYY-MM-DDTHH:MM:SSZ`).
`version`	`string`	Indicates the webhook format being used. Default version is “v1”.
`data`	`object`	Contains event-specific details related to this feature.

Verifying the signature is mandatory before processing any response. Refer to Signature Verification for more details.

Secure ID APIs

V2

V1 (Depricated API's)

Webhooks

Add webhooks

FI webhook event

Webhook signature

Webhook payload fields

Secure ID APIs

V2

V1 (Depricated API's)

​Add webhooks

​Consent webhook event

​FI webhook event

​Webhook signature

​Webhook payload fields

Add webhooks

Consent webhook event

FI webhook event

Webhook signature

Webhook payload fields