> ## Documentation Index
> Fetch the complete documentation index at: https://www.cashfree.com/docs/llms.txt
> Use this file to discover all available pages before exploring further.
# Incident Service Webhook
> Subscribe to Cashfree Incident Service webhooks so your checkout learns when payment rails go down, recover, or change scope across banks and networks.
Cashfree Payments will notify you whenever we create an incident at our end. An incident implies that the issuing bank is facing high failure rates or has scheduled a maintenance activity during that time. The former could be due to many reasons and until the failure rates go down, we would recommend customers to use alternative payment instruments.
There are two channels through which we notify. You can subscribe to either of the channels by adding your email address and webhook endpoint in the merchant dashboard.
Email - Cashfree Payments will send an email alert when an issuer is facing downtime or a scheduled incident.
Webhooks - Cashfree Payments will invoke a server to server call whenever an incident is created. You can use this webhook and update your payment page accordingly.
## Webhook schema of incident service webhook
### Sample payload for creation of incident
```javascript Version (2025-01-01) theme={"dark"}
{
"data": {
"incident": {
"end_time": "2025-04-29T09:11:48+05:30",
"id": "x77rkd7phl5dobr94k1s",
"impact": "HIGH",
"message": "Payment mode up",
"start_time": "2025-04-22T09:11:48+05:30",
"status": "RESOLVED",
"type": "SCHEDULED"
},
"instruments": {
"upi": {
"issuers": [
"DEUTSCHE BANK"
]
}
}
},
"event_time": "2025-04-22T14:42:08+05:30",
"type": "HEALTH_ALERT"
}
```
```javascript Version (2023-08-01) theme={"dark"}
{
"data": {
"incident": {
"end_time": "2025-04-29T09:11:48+05:30",
"id": "x77rkd7phl5dobr94k1s",
"impact": "HIGH",
"message": "Payment mode up",
"start_time": "2025-04-22T09:11:48+05:30",
"status": "RESOLVED",
"type": "SCHEDULED"
},
"instruments": {
"upi": {
"issuers": [
"DEUTSCHE BANK"
]
}
}
},
"event_time": "2025-04-22T14:42:08+05:30",
"type": "HEALTH_ALERT"
}
```
### Sample payload when incident is resolved
```javascript Version (2025-01-01) theme={"dark"}
{
"data": {
"incident": {
"end_time": "2025-04-29T09:11:48+05:30",
"id": "x77rkd7phl5dobr94k1s",
"impact": "HIGH",
"message": "Payment mode up",
"start_time": "2025-04-22T09:11:48+05:30",
"status": "RESOLVED",
"type": "SCHEDULED"
},
"instruments": {
"upi": {
"issuers": [
"DEUTSCHE BANK"
]
}
}
},
"event_time": "2025-04-22T14:42:08+05:30",
"type": "HEALTH_ALERT"
}
```
```javascript Version (2023-08-01) theme={"dark"}
{
"data": {
"incident": {
"end_time": "2025-04-29T09:11:48+05:30",
"id": "x77rkd7phl5dobr94k1s",
"impact": "HIGH",
"message": "Payment mode up",
"start_time": "2025-04-22T09:11:48+05:30",
"status": "RESOLVED",
"type": "SCHEDULED"
},
"instruments": {
"upi": {
"issuers": [
"DEUTSCHE BANK"
]
}
}
},
"event_time": "2025-04-22T14:42:08+05:30",
"type": "HEALTH_ALERT"
}
```
### Payload
| Field | Description | Example | Mandatory |
| -------------------- | --------------------------------------------------------------------------------------------------- | ---------------------------------------------------- | --------- |
| end\_time | Null when an incident is created. Or end time when incident is resolved | 2021-04-16T15:10:36+05:30 | No |
| start\_time | Time since we have seen this incident | 2021-04-16T14:10:36+05:30 | Yes |
| id | Incident id | Alphanumeric with \_,- | Yes |
| impact | Impact of the downtime | HIGH, MEDIUM, LOW | Yes |
| message | Human readable message | | No |
| status | Status of the incident. OPEN when created, RESOLVED when resolved, UPDATE when updated with details | OPEN, UPDATE, RESOLVED | Yes |
| type | Is this a scheduled or an unscheduled downtime? | SCHEDULED, UNSCHEDULED | Yes |
| instruments | Refers to the payment mode. This will contain a nested object | | Yes |
| upi.issuers | Issuers which are impacted | Array | No |
| net\_banking.issuers | Net banking banks which are impacted | Array | No |
| wallet.issuers | Wallets which are impacted | Array | No |
| card.type | Card types which are impacted | CREDIT\_CARD, DEBIT\_CARD, ALL | No |
| card.scheme | Card schemes which are impacted | MASTER, VISA, RUPAY, MAESTRO, AMEX, Multiple Schemes | No |
| card.issuers | Banks which are impacted | Array | No |
| event\_time | Time when this webhook was created | | Yes |
| type | Type of webhook | HEALTH\_ALERT | Yes |
| version | Version of webhook. You should build your parsing logic with respect to this version | | Yes |
| Children | Optional | Type | Possible values |
| ------------ | -------- | ---------------- | --------------- |
| wallet | Y\* | Child attributes | Available below |
| net\_banking | Y\* | Child attributes | Available below |
| upi | Y\* | Child attributes | Available below |
| card | Y\* | Child attributes | Available below |
> At least one of the children needs to be present
### Wallet
| Children | Optional | Type | Possible values |
| -------- | -------- | ---- | --------------------------------- |
| issuers | N | Text | See list of wallet issuers below. |
### Net Banking
| Children | Optional | Type | Possible values |
| -------- | -------- | ----- | -------------------------- |
| issuers | N | Array | See list of issuers below. |
### UPI
| Children | Optional | Type | Possible values |
| -------- | -------- | ----- | -------------------------- |
| issuers | N | Array | See list of issuers below. |
### Card
| Children | Optional | Type | Possible values |
| -------- | -------- | ----- | ---------------------------------------------------- |
| type | N | Text | CREDIT\_CARD, DEBIT\_CARD, ALL |
| scheme | N | Text | MASTER, VISA, RUPAY, MAESTRO, AMEX, Multiple Schemes |
| issuers | N | Array | See list of issuers below. |
### Payload Headers
Cashfree Payments will send two custom headers for every webhook being invoked by our system.
| Name | Description | Example |
| -------------------- | ---------------------------------------------------- | -------------------------------------------- |
| x-cashfree-timestamp | Timestamp for this event. Used to generate signature | 1618562436364 |
| x-cashfree-signature | Cashfree Payments signature for this webhook | ke+K3gR8GssH9AMfJm+0+8jGIL1Mq7hOheP9w36/hL0= |
## Signature Generation
The signature must be used to verify if the request has not been tampered with. To verify the signature at your end, you will need your Cashfree Payment Gateway secret key along with the payload.
```
//The payload here refers to the raw request sent by
Cashfree to your endpoint. No modifications need to be
done to this payload.
payload := {"data":{"bank_name":"Test Bank",
"card_type":"Visa","health":"DEGRADED",
"incident_end_time":"2021-04-07T00:20:30",
"incident_id":"INCIDENT_HIGH_Test Bank_954b95zz-f11a-test-abcd-0eb0e8608847",
"incident_impact":"High",
"incident_start_time":"2021-04-06T00:20",
"incident_type":"Scheduled",
"is_resolved":false,
"issuers":[],
"message":"We are facing high failure issues in Payment gateway at the moment and will keep you updated about the issue.",
"payment_gateway":null,"payment_mode":"DEBIT_CARD",
"scope":"PaymentMode"},
"type":"HEALTH_ALERT","version":1}
# timestamp is present in the header x-cashfree-timestamp
timestamp := 1617695238078
signedPayload := $timestamp.$payload
expectedSignature := Base64Encode(HMACSHA256($signedPayload, $merchantSecretKey))
```
## Bank Names
* Axis Bank
* Bank of Baroda - Retail Banking
* Bank of India
* Bank of Maharashtra
* Canara Bank
* Catholic Syrian Bank
* Central Bank of India
* City Union Bank
* Deutsche Bank
* DBS Bank Ltd
* DCB Bank - Personal
* Dhanlakshmi Bank
* Federal Bank
* HDFC Bank
* ICICI Bank
* IDBI Bank
* IDFC Bank
* Indian Bank
* Indian Overseas Bank
* IndusInd Bank
* Jammu and Kashmir Bank
* Karnataka Bank Ltd
* Karur Vysya Bank
* Kotak Mahindra Bank
* Laxmi Vilas Bank - Retail Net Banking
* Punjab & Sind Bank
* Punjab National Bank - Retail Net Banking
* RBL Bank
* Saraswat Bank
* South Indian Bank
* Standard Chartered Bank
* State Bank Of India
* Tamilnad Mercantile Bank Ltd
* UCO Bank
* Union Bank of India
* Yes Bank Ltd
* Bank of Baroda - Corporate
* Bank of India - Corporate
* DCB Bank - Corporate
* Lakshmi Vilas Bank - Corporate
* Punjab National Bank - Corporate
* State Bank of India - Corporate
* Union Bank of India - Corporate
* Axis Bank Corporate
* Dhanlaxmi Bank Corporate
* ICICI Corporate Netbanking
* Ratnakar Corporate Banking
* Shamrao Vithal Bank Corporate
* Equitas Small Finance Bank
* Yes Bank Corporate
* Bandhan Bank- Corporate banking
* Barclays Corporate- Corporate Banking - Corporate
* Indian Overseas Bank Corporate
* City Union Bank of Corporate
* HDFC Corporate
* Shivalik Bank
* AU Small Finance
* Bandhan Bank - Retail Net Banking
* Shamrao Vitthal Co-operative Bank
* Tamil Nadu State Co-operative Bank
All Banks (Note: This parameter will be sent when all banks are having a downtime)
## Wallet Names
* FreeCharge
* MobiKwik
* Ola Money
* Reliance Jio Money
* Airtel Money
* Paytm
* Amazon Pay
* PhonePe
## Compute signature and verify
#### Sample code
#### Verify Signature using SDK
```javascript Node(express) theme={"dark"}
var express = require('express')
import { Cashfree } from "cashfree-pg";
var app = express()
Cashfree.XClientId = "";
Cashfree.XClientSecret = "";
Cashfree.XEnvironment = Cashfree.Environment.SANDBOX;
app.post('/webhook', function (req, res) {
try {
Cashfree.PGVerifyWebhookSignature(req.headers["x-webhook-signature"], req.rawBody, req.headers["x-webhook-timestamp"]))
} catch (err) {
console.log(err.message)
}
})
```
```go Go theme={"dark"}
import (
cashfree "github.com/cashfree/cashfree-pg/v4"
)
// Route
e.POST("/webhook", _this.Webhook)
// Controller
func (_this *WebhookRoute) Webhook(c echo.Context) error {
clientId := ""
clientSecret := ""
cashfree.XClientId = &clientId
cashfree.XClientSecret = &clientSecret
cashfree.XEnvironment = cashfree.SANDBOX
signature := c.Request().Header.Get("x-webhook-signature")
timestamp := c.Request().Header.Get("x-webhook-timestamp")
body, _ := ioutil.ReadAll(c.Request().Body)
rawBody := string(body)
webhookEvent, err := cashfree.PGVerifyWebhookSignature(signature, rawBody, timestamp)
if err != nil {
fmt.Println(err.Error())
} else {
fmt.Println(webhookEvent.Object)
}
}
```
```php PHP theme={"dark"}
";
\Cashfree\Cashfree::$XClientSecret = "";
$cashfree = new \Cashfree\Cashfree();
try {
$response = cashfree->PGVerifyWebhookSignature($expectedSig, $inputJSON, $ts);
} catch(Exception $e) {
// Error if signature verification fails
}
?>
```
```python Python theme={"dark"}
from cashfree_pg.api_client import Cashfree
@app.route('/webhook', methods = ['POST'])
def disp():
# Get the raw body from the request
raw_body = request.data
# Decode the raw body bytes into a string
decoded_body = raw_body.decode('utf-8')
#verify_signature
timestamp = request.headers['x-webhook-timestamp']
signature = request.headers['x-webhook-signature']
cashfree = Cashfree()
cashfree.XClientId = ""
cashfree.XClientSecret = ""
try:
cashfreeWebhookResponse = cashfree.PGVerifyWebhookSignature(signature, decoded_body, timestamp)
except:
# If Signature mis-match
```
```java Java theme={"dark"}
import com.cashfree.*;
@PostMapping("/my-endpoint")
public String handlePost(HttpServletRequest request) throws IOException {
Cashfree.XClientId = "";
Cashfree.XClientSecret = "";
Cashfree.XEnvironment = Cashfree.SANDBOX;
StringBuilder stringBuilder = new StringBuilder();
BufferedReader bufferedReader = null;
try {
bufferedReader = request.getReader();
String line;
while ((line = bufferedReader.readLine()) != null) {
stringBuilder.append(line).append('\n');
}
String rawBody = stringBuilder.toString();
String signature = request.getHeader("x-webhook-signature");
String timestamp = request.getHeader("x-webhook-timestamp");
Cashfree cashfree = new Cashfree();
PGWebhookEvent webhook = cashfree.PGVerifyWebhookSignature(signature, rawBody, timestamp);
} catch (Exception e) {
// Error if verification fails
} finally {
if (bufferedReader != null) {
bufferedReader.close();
}
}
}
```
```csharp C# theme={"dark"}
import com.cashfree.*;
@PostMapping("/my-endpoint")
public String handlePost(HttpServletRequest request) throws IOException {
Cashfree.XClientId = "";
Cashfree.XClientSecret = "";
Cashfree.XEnvironment = Cashfree.SANDBOX;
StringBuilder stringBuilder = new StringBuilder();
BufferedReader bufferedReader = null;
try {
bufferedReader = request.getReader();
String line;
while ((line = bufferedReader.readLine()) != null) {
stringBuilder.append(line).append('\n');
}
String rawBody = stringBuilder.toString();
String signature = request.getHeader("x-webhook-signature");
String timestamp = request.getHeader("x-webhook-timestamp");
Cashfree cashfree = new Cashfree();
PGWebhookEvent webhook = cashfree.PGVerifyWebhookSignature(signature, rawBody, timestamp);
} catch (Exception e) {
// Error if verification fails
} finally {
if (bufferedReader != null) {
bufferedReader.close();
}
}
}
```
### Compute signature and verify manually
```javascript Node(express) theme={"dark"}
function verify(ts, rawBody){
const body = req.headers["x-webhook-timestamp"] + req.rawBody;
const secretKey = "";
let genSignature = crypto.createHmac('sha256',secretKey).update(body).digest("base64");
return genSignature
}
```
```go Go theme={"dark"}
func VerifySignature(expectedSig string, ts string, body string) (string, error) {
t := time.Now()
currentTS := t.Unix()
if currentTS-ts > 1000*300 {
return "", errors.New("webhook delivered too late")
}
signStr := strconv.FormatInt(ts, 10) + body
fmt.Println("signing String: ", signStr)
key := ""
h := hmac.New(sha256.New, []byte(key))
h.Write([]byte(signStr))
b := h.Sum(nil)
return base64.StdEncoding.EncodeToString(b), nil
}
timestamp := c.Request().Header.Get("x-webhook-timestamp")
body, _ := ioutil.ReadAll(c.Request().Body)
rawBody := string(body)
signature := c.Request().Header.Get("x-webhook-signature")
VerifySignature(signature, timestamp, rawBody)
```
```php PHP theme={"dark"}
function computeSignature($ts, $rawBody){
$rawBody = file_get_contents('php://input');
$ts = getallheaders()['x-webhook-timestamp'];
$signStr = $ts . $rawBody;
$key = "";
$computeSig = base64_encode(hash_hmac('sha256', $signStr, $key, true));
return $computeSig;
}
```
```java Java theme={"dark"}
public String generateSignature() {
bufferedReader = request.getReader();
String line;
while ((line = bufferedReader.readLine()) != null) {
stringBuilder.append(line).append('\n');
}
String payload = stringBuilder.toString();
String timestamp = request.getHeader("x-webhook-timestamp");
String data = timestamp+payload;
String secretKey = "SECRET-KEY"; // Get secret key from Cashfree Merchant Dashboard;
Mac sha256_HMAC = Mac.getInstance("HmacSHA256");
SecretKeySpec secret_key_spec = new SecretKeySpec(secretKey.getBytes(),"HmacSHA256");
sha256_HMAC.init(secret_key_spec);
String computed_signature = Base64.getEncoder().encodeToString(sha256_HMAC.doFinal(data.getBytes()));
return computed_signature; // compare with "x-webhook-signature"
}
```
```python Python theme={"dark"}
import base64
import hashlib
import hmac
def generateSignature():
# Get the raw body from the request
raw_body = request.data
# Decode the raw body bytes into a string
payload = raw_body.decode('utf-8')
#verify_signature
timestamp = request.headers['x-webhook-timestamp']
signatureData = timestamp+payload
message = bytes(signatureData, 'utf-8')
secretkey=bytes("Secret_Key",'utf-8') #Get Secret_Key from Cashfree Merchant Dashboard.
signature = base64.b64encode(hmac.new(secretkey, message, digestmod=hashlib.sha256).digest())
computed_signature = str(signature, encoding='utf8')
return computed_signature #compare with "x-webhook-signature"
```