Handling Webhooks for Real-Time Payment Updates

If you run an online shop, SaaS product, digital service or any business in Dhaka, Chittagong, Sylhet, Khulna, Rajshahi or anywhere in Bangladesh, waiting for payment status can be frustrating.

Customers see “processing” for minutes (or longer), orders stay stuck, inventory gets oversold, SaaS licenses delay, and support tickets pile up fast.

Webhooks fix this completely.

A webhook is an instant message your payment gateway sends to your server the second something happens — payment succeeds, fails, refund issued, subscription canceled, etc.

In 2026 Bangladesh — where bKash and Nagad handle most online payments, cards and EMI are growing, and customers expect instant confirmation — good webhook handling turns slow checkout into a smooth, professional experience.

This beginner-friendly guide explains what webhooks are, why they matter locally, and how to set them up properly (with Moneybag examples, since it’s one of the fastest and most reliable in Dhaka right now).

Why Webhooks Are Especially Important in Bangladesh

• bKash OTP sessions expire quickly → instant failure notice lets you show a clear “try again” message
• Nagad/Rocket payments can fail silently → webhook tells you immediately
• Card 3D Secure interruptions → know exactly why it failed
• Refunds & chargebacks → update order status right away
• Subscriptions → activate or block access the moment payment succeeds or fails
• T+1 settlement → webhooks give visibility even before money arrives in your bank

Without webhooks you either:

• Poll the gateway every few seconds (slow + can hit rate limits)
• Leave customers waiting and confused

Most Common Webhook Events You Should Handle

Moneybag (and most local gateways) sends these key events:

• payment.succeeded → mark order paid, send receipt, activate license
• payment.failed → show friendly error, start retry or reminder
• payment.refunded → update order status, adjust stock
• subscription.created → begin billing cycle
• subscription.payment.failed → send Bangla SMS/email reminder
• subscription.canceled → revoke access, send feedback survey
• subscription.updated → adjust plan limits or proration

Step-by-Step: How to Set Up & Handle Webhooks Properly

Step 1: Create a Public Webhook URL

Your server needs a secure, public address that accepts POST requests.

Examples:

• https://yourshop.com/webhook/moneybag
• https://api.yoursaas.bd/payments/webhook

Always use HTTPS — gateways reject plain HTTP.

Step 2: Secure the Endpoint

• Verify the request really comes from Moneybag
• Moneybag sends an X-Signature header
• Calculate HMAC-SHA256 of the raw payload using your API Secret
• Compare it with the header → if no match → reject (HTTP 401)
• Add basic rate limiting (protect from spam)

Step 3: Read & Understand the Payload

Moneybag sends simple JSON:

JSON

{

  “event”: “payment.succeeded”,

  “data”: {

    “order_id”: “ORD-987654”,

    “amount”: 1500.00,

    “currency”: “BDT”,

    “method”: “bkash”,

    “txn_id”: “TXN-456789”,

    “customer_email”: “user@example.com”

  },

  “timestamp”: “2026-03-24T14:30:00+06:00”

}

In your code (PHP, Laravel, Node.js, Python, etc.):

• Read the raw body first (don’t trust $_POST)
• Verify signature
• Parse JSON
• Check the “event” field

Step 4: Process Events Safely & Quickly

Rules to follow:

• Return HTTP 200 fast (within 5–10 seconds) — gateways retry on failure
• Use idempotency — same event can arrive twice (check txn_id)
• Put heavy work (emails, SMS, license generation) in a queue
• Log every request (event type, payload, result)

Simple example logic (easy to understand):

Python

if event == “payment.succeeded”:

    mark_order_as_paid(order_id)

    activate_user_license(user_id)

    send_thank_you_email(customer_email)

    return 200

if event == “payment.failed”:

    mark_order_as_failed(order_id)

    send_retry_sms(customer_phone, “Payment failed – please try again”)

    return 200

Step 5: Test Webhooks Thoroughly

• Switch Moneybag to Sandbox mode
• Make test payments (fake bKash, test cards)
• Use ngrok (free tool) to expose your local server
• Trigger events from Moneybag dashboard
• Check your logs: did signature verify? Did status update?

Step 6: Go Live & Monitor

• Switch to Live credentials
• Watch logs for first few days
• Set alerts if many failures or retries happen

Frequently Asked Questions (Quick & Clear)

How fast do webhooks arrive from Moneybag in Bangladesh?

Usually 2–10 seconds after the payment status changes — very reliable in Dhaka and major cities.

What if my server is offline when a webhook arrives?

Moneybag retries failed deliveries automatically (multiple times over hours/days).

Do I need a public server for webhooks?

Yes — but during development use ngrok or Cloudflare Tunnel to test locally.

Can one webhook URL handle bKash, Nagad, cards and subscriptions?

Yes — Moneybag uses the same format for all events. Just check the “event” field.

Is webhook handling safe and PCI compliant?

Yes — webhooks never contain full card numbers (only tokens and status). Keep your endpoint secure.

Read: Integrating Online Payments: From API to Checkout

Bottom Line for Businesses in Bangladesh

Webhooks turn slow, uncertain payments into instant, reliable updates.

Once set up correctly you get:

• Happier customers (instant order confirmation)
• Fewer support questions
• Accurate stock and access control
• Better cash-flow tracking

Don’t rely on manual checks or slow polling — webhooks are the standard in 2026.

→ Try Moneybag Sandbox Free — practice webhook testing today

→ Moneybag API Documentation for Developers — read webhook setup & signature guide

Working on a project in Dhaka or another city?

Tell me your tech stack (Laravel, Node.js, Python, WordPress, etc.) or what you’re trying to automate — I’ll give you more specific code examples or troubleshooting tips.

Make payments instant — let your customers and business move faster! 🚀