Skip to main content
Use webhooks to keep your product in sync with BFinance events (transactions, customer status changes, product access updates, and more).
Event schemas and examples live in the Webhooks tab. This page focuses on operational implementation guidance.

What you should build

1

1) Create a webhook endpoint

Expose an HTTPS endpoint that can receive webhook POST requests.
2

2) Process events asynchronously

Don’t do heavy work in the request handler. Persist the event and process it in a worker/job so your endpoint stays responsive.
3

3) Make processing idempotent

Design your handler so the same event can be processed more than once without creating duplicates.
4

4) Record an audit trail

Log (safely) the event type, timestamps, and entity IDs so support can trace what happened.

Delivery expectations (important)

Retries are not guaranteed. Treat webhook delivery as “best effort” and design your system so it can recover if events are missed.
Recommended recovery strategy:
  • use webhooks for real-time updates
  • use API backfill/polling for correctness (for example when a user opens an activity screen)

Security model

There is no signature verification for webhook requests. To secure your webhook endpoint, use source IP allowlisting:
  • request the trusted IP list from your account manager
  • allow only those IPs to reach your webhook endpoint
Also recommended:
  • enforce HTTPS only
  • rate-limit the endpoint
  • alert on unusual volumes