Skip to main content
The Webhook section configures outbound notifications for transfer events. When enabled, the plugin posts updates about transfers to an HTTPS endpoint you control, so downstream systems can react in near real time without polling the Console. The section header shows an Enabled or Disabled badge based on the toggle below.

Accessing the section

1

Open Settings

In the Bank Transfer sidebar, click Settings.
2

Expand Webhook

Click the section header to expand it.

Fields

Webhook Enabled

Toggle that turns the webhook delivery on or off. When disabled, the Endpoint URL and Signing Secret fields remain editable but inactive — the plugin will not send any requests until the toggle is on.

Endpoint URL

The HTTPS URL that will receive webhook requests (for example https://example.com/webhook). Editable only when the webhook is enabled.

Signing Secret

A shared secret used to sign webhook payloads so your endpoint can verify authenticity. Stored as a secret: once saved, the field shows placeholder dots instead of the value. Leave it empty when saving to keep the existing secret unchanged. Editable only when the webhook is enabled.
Webhook payloads can carry information about transfers, amounts, and counterparties. Always terminate the endpoint with HTTPS, validate the signature on every request, and reject payloads that do not match the expected signature.

Saving changes

Click Save in the toolbar at the top of the page. Every change is recorded in the Settings History tab. The Signing Secret is stored but shown as •••• in the history so the fact of a change is auditable without exposing the secret itself.

Tips

  • When first enabling the webhook, point it at a test endpoint (for example a request bin) to verify the payload shape before wiring it into production systems.
  • Rotate the signing secret periodically. When you rotate it, update both the plugin and your receiving service in the same window to avoid dropped events.
  • If your receiver becomes unavailable, consider disabling the webhook temporarily instead of leaving a broken endpoint — this prevents noisy failures and keeps the Settings History cleaner.