Skip to main content
In distributed financial infrastructure, webhooks represent critical, event-driven integration boundaries. Because the network path is untrusted and packets can be dropped, delayed, or replayed, your application must treat every incoming webhook callback as a formal, untrusted input. The Zentra Control Plane delivers every ledger and transfer mutation as a signed, signature-verifiable webhook event. By adhering to defensive integration rules, you can process incoming events with absolute security and consistency.

The Retry-Aware Delivery Flow

If your application consumer is down, experiencing transient database locks, or failing to respond in time, Zentra does not drop events. We execute an automated retry schedule using exponential backoff to guarantee delivery.

Egress Webhook Safety Rules

Ensure your webhook receiver implements these four security policies:

Cryptographic Verification

Compute the HMAC-SHA256 signature on the raw request body and compare it with the signature sent in the header before executing any business logic.

Replay Attack Defense

Reject requests with timestamps that fall outside a 5-minute (300-second) tolerance window to prevent attackers from intercepting and re-submitting events.

Idempotent Deduplication

Webhooks can be delivered more than once. Always store processed event IDs (evt_...) in a database table to avoid dual-processing.

Return Status Codes Only

Respond immediately with a 200 OK or 204 No Content. Do not block the connection with long-running business logic; process webhooks asynchronously in a queue.

Verifying Webhook Signatures

Zentra signs all egress webhook requests with a custom header: x-zentra-signature. The header contains a Unix timestamp and a cryptographic signature in a Stripe-style comma-separated key-value format:
  • The t parameter represents the Unix epoch timestamp (in seconds) when the event was generated.
  • The v1 parameter represents the HMAC-SHA256 signature of the concatenated payload: timestamp.raw_body.

Implementation Code Examples

Initialize signature validation in your endpoint handler using constant-time string comparison to prevent timing attacks.
Never rely solely on webhook arrival to confirm a change in balance. Always verify the transaction context by using the API state endpoint or cross-referencing your immutable ledger logs.