When you develop with the Montonio API to create Orders, you must listen to webhook notifications sent to your notificationUrl. This is required so that you get notified about your order getting paid.

First, validate the content of the webhook by validating the JWT signature of the orderToken with your Secret Key. We send this token with an HTTP request to the notificationUrl you provided when creating the order, both as an order-token query parameter, and in the payload of the request (orderToken key in the JSON).

After you have validated the token with your Secret Key, use the contents of the token to look up the order in your system, using either the merchantReference parameter, or the uuid parameter (Montonio Order UUID). Then, change the status of the order in your system to the status we sent you in the token.

Once you have successfully processed the webhook, please respond to our request with either the 200 OK or the 201 Created HTTP status code. Respond with 200 or 201 even if the status of the order is not PAID or if you didn't change anything in your system.

If you don't respond with either 200 OK or 201 Created, we will retry the webhook 13 times over the next 48 hours until a successful response is received.