Webhooks API

RustBill handles both inbound webhooks from payment providers and outbound webhooks to notify your systems of billing events.

Inbound Webhooks

Payment providers send events to these endpoints. Each provider has its own signature verification.

Stripe

POST /api/billing/webhooks/stripe
Stripe-Signature: t=...,v1=...

Handles events: checkout.session.completed, invoice.paid, invoice.payment_failed, customer.subscription.updated.

Xendit

POST /api/billing/webhooks/xendit
x-callback-token: <webhook-token>

Handles events: invoices.paid, invoices.expired.

LemonSqueezy

POST /api/billing/webhooks/lemonsqueezy
X-Signature: <hmac-signature>

Handles events: order_created, subscription_created, subscription_updated, subscription_payment_success.

Outbound Webhooks

Register endpoints to receive billing events from RustBill.

Register Webhook Endpoint

POST /api/billing/webhooks/endpoints
Content-Type: application/json
 
{
  "url": "https://your-app.com/webhooks/billing",
  "events": ["invoice.paid", "subscription.created", "payment.failed"],
  "secret": "your-signing-secret"
}

List Endpoints

GET /api/billing/webhooks/endpoints

Update Endpoint

PUT /api/billing/webhooks/endpoints/:id

Delete Endpoint

DELETE /api/billing/webhooks/endpoints/:id

Event Types

Event Payload

{
  "id": "evt_01JQX...",
  "type": "invoice.paid",
  "createdAt": "2026-03-15T10:30:00Z",
  "data": {
    "invoiceId": "01JQX...",
    "customerId": "01JQA...",
    "amount": "54.99",
    "currency": "USD"
  }
}

Outbound webhook requests include an X-Signature header with an HMAC-SHA256 signature of the payload using your endpoint’s secret.