Razorpay webhooks
Recurring subscriptions are driven by Razorpay webhooks at
POST /api/subscription/webhook.
- The endpoint verifies the
x-razorpay-signatureagainst yourRAZORPAY_WEBHOOK_SECRETusing a constant-time comparison. - Deliveries are idempotent — a duplicate event id is ignored.
- Handled events:
subscription.charged(renew + record an invoice),subscription.activated,subscription.cancelled,subscription.halted,subscription.completed, andpayment.failed.
Configure the webhook URL and secret in the Razorpay Dashboard. See Subscriptions & auto-pay.