Set up a webhook

Set up a webhook to handle the payment result in a reliable way.

Use the i’mport webhook to synchronize payment information on the i’mport server with the merchant server to compensate for data loss due to device or network instability.

What is a webhook?

A webhook is a mechanism for sending notifications to other services or applications when a specific event occurs. The webhook provider sends event information to the callback URL (endpoint) by creating an HTTP POST request when the event occurs. Webhooks are much more efficient in terms of resources and communication as they can only receive information related to desired events without polling data periodically. Using webhooks, you can extend functionality by integrating with custom functions or other applications.

Is webhook integration required?

When the i’mport server sends a response to the client, the client may not receive the response after the payment process is complete for reasons, such as Wi-Fi disconnection or automatic browser reload. In this case, the i’mport server sends a webhook event to the server so that the payment information can be synchronized.

i’mport webhook is called when:

  • Payment is approved (all payment methods) (status : paid)
  • Virtual account is issued (status : ready)
  • Payment is deposited into virtual account (status : paid)
  • Scheduled payment is attempted (status : paid or failed)
  • Refund is processed from Admin console (status : cancelled)

A webhook is not invoked when payment fails!

Webhook URL can be set in the following two ways:

To set the webhook’s notification URL to send the payment information to, log in to the Admin console and then go to Payments->Live Settings tab and set the URL in the Endpoint URL field to receive the webhook data.

Content-Type can be specified as application/json or application/x-www-form-urlencoded. To test the URL, click the Test Webhook button to the right of the Notification URL field.

About webhooks

You cannot set multiple webhook URLs.

Webhooks can be sent via initial or resend, each with different timeouts.

  1. For the initial webhook, the Connection TimeOut is set to 10 seconds and the Read TimeOut waiting for the response is 30 seconds.
  2. For the Resend Webhook, the Overall TimeOut for the request is 15 seconds.

Verify webhook request

When a Webhook event is triggered, a POST request is generated to the configured URL endpoint as follows.

Since the webhook receiving address is a public URL and there’s a risk of servers other than PortOne sending webhooks, the merchant server receive the webhook and then must verify the webhook content by querying the payment transaction using the Get Payment by ImpUid API. Even if the payment has been successfully processed, there might be cases where the webhook is not received or is delayed due to network issues. If a webhook is not received or is delayed, immediately cancelling the transaction could result in financial loss due to a refund of a payment that was successfully processed due to network issues. Even if a webhook does not arrive, before cancelling a payment, query the status of the transaction using the Get Payment by ImpUid API to ensure the payment status is normal and avoid cancelling.

Even if the merchant server responds correctly after receiving a webhook, if the webhook response does not reach the PortOne server due to network issues, the webhook may be resent for merchants who have set up the webhook retry feature. It is recommended to handle potential multiple receipts of the same webhook content without issues.

curl -H "Content-Type: application/json" -X POST -d '{ "imp_uid": "imp_1234567890", "merchant_uid": "order_id_8237352", "status": "paid" }' { NotificationURL }

The body of the webhook POST request contains the following information. The server can get the information and use it to query the payment information from the i’mport server and verify and store the payment information.

  • imp_uid : payment ID
  • merchant_uid : order ID
  • status : payment result

Sample code of receiving a POST request to webhook endpoint URL

Create an endpoint to receive the webhook event’s POST request as follows and then parse, verify, and save the payment information.

app.use(bodyParser.json()); // Route POST request to "/iamport-webhook""/iamport-webhook", async (req, res) => { try { const { imp_uid, merchant_uid } = req.body; // Get imp_uid and merchant_uid from req.body // Get access token /* ...Omitted... */ // Get payment info from i'mport server using imp_uid /* ...Omitted... */ const paymentData =; // Save payment info // ... // Query for original requested amount from the database const order = await Orders.findById(paymentData.merchant_uid); const amountToBePaid = order.amount; // Original requested amount // ... // Verify payment amount const { amount, status } = paymentData; if (amount === amountToBePaid) { // Amounts match. Processed amount === Original requested amount await Orders.findByIdAndUpdate(merchant_uid, { $set: paymentData }); // Save payment info in DB switch (status) { case "ready": // Issue virtual account // Save virtual account info in DB const { vbank_num, vbank_date, vbank_name } = paymentData; await Users.findByIdAndUpdate("/* customer id */", { $set: { vbank_num, vbank_date, vbank_name }, }); // Send virtual account issuance text message SMS.send({ text: `Virtual account has been issued. Account information ${vbank_num} ${vbank_date} ${vbank_name}`, }); res.send({ status: "vbankIssued", message: "Virtual account issued successfully", }); break; case "paid": // Payment complete res.send({ status: "success", message: "Payment successful." }); break; } } else { // Amount mismatch. Forged/falsified payment. throw { status: "forgery", message: "Forged/falsified payment attempted", }; } } catch (e) { res.status(400).send(e); } });

i’mport does not guarantee the order of payment information delivery

In general, after i’mport server calls webhook, it does not guarantee the order in which the payment information arrives at the server. This is because i’mport sends a 302 redirect response to the client without waiting for a webhook response from the server. However, you can submit a special request to configure i’mport to wait for a webhook response before sending a 302 redirect or callback response to the client so that the server always receives payment information from i’mport first. To make a request to guarantee the prioritized delivery of webhooks, contact with the merchant ID.

Can you re-send a webhook?

By default, a webhook can only be sent once. However, it can be re-sent up to 5 times as per merchant’s request. Webhooks are re-sent every 1 minute until a successful response is received from the merchant (up to 5 times).