Introduction

Mangopay provides a webhook feature to submit notifications to other applications whenever a specific event occurs.

When creating the Hook object for an event type, you define the URL to which the notification is sent.

List of event types

The hook notification has the following format:

https://www.example.com?EventType=EventType&RessourceId=ResourceId&Date=Date

Doing a GET call on the ResourceId allows you to check that the event is still relevant and ensure that the hook is authentic.

Note – Use a TLS 1.2 certificate

Your endpoint must be protected using a TLS 1.2 certificate. Endpoints using self-signed certificates, SSL certificates or TLS versions 1.0 and 1.1 may be rejected by our webhook systems.

IP addresses

Mangopay sends webhook notifications from the IP addresses listed below in both the Production and Sandbox environments. Depending on your firewall or network security setup, you may need to add them to an allowlist to receive notifications.

The CIDR ranges and the full lists given below express the same IP addresses. The /32 indicates that only there is only one IP address in the range.

Note – Contact Mangopay for full list

The IPs below are redacted for security reasons. When your platform is looking to test webhooks in Sandbox, contact Mangopay via the Dashboard for the full list.

CIDR ranges:

  • X.XX.XXX.180/32
  • X.XX.XXX.181/32
  • X.XX.XXX.182/32

IP addresses:

  • X.XX.XXX.180
  • X.XX.XXX.181
  • X.XX.XXX.182

Notification failure

Hook notifications can fail. This means the hooked URL did not respond with a 200 - status code within 2 seconds after the notification was sent.

If this happens, the Mangopay API will behave as follows:

  • Every 10 failed notifications - You will receive an email warning you of the issue.
  • After 1 successful notification - The counter is reset. Please note that changing the hook’s URL will not reset the failure count.
  • After 100 consecutive failed notifications - The hook Validity will automatically be set to INVALID and its Status to DISABLED.

Once a hook becomes INVALID (following unsuccessful retries) the hook must be disabled and re-enabled.

Retries of failed notifications

Hook notifications come with a retry feature, which means that the Mangopay API will resubmit a failed notification until it reaches 100 consecutive failures.

To make sure the notification failures don’t lead to the hook being set to INVALID too quickly, the retries are spaced as follows:

  • Every 10 minutes for the first hour
  • Every 8 hours once the first hour is passed, and for the next 3 days

Webhooks

Learn more about event types

Endpoint

The Hook object

Was this page helpful?