Skip to content
Guides

Webhooks

Restore Hub receives webhooks from billing providers β€” it does not currently emit outbound webhooks to your server. This page explains the inbound flow so you understand how subscription state is kept in sync.

Nothing to configure. If you only use the API, you can skip this page. These endpoints handle Stripe and OxaPay events on Restore Hub's side; you don't need to register anything. We're documenting them for transparency and audit purposes.

Stripe β€” POST /api/billing/webhook

Stripe sends every billing event for Restore Hub customers (subscriptions, invoice payment success/failure, customer updates) to this endpoint. The handler verifies the signature against STRIPE_WEBHOOK_SECRET and updates the user's plan, billing state, and entitlements in the database.

Events we react to:

  • checkout.session.completed β€” new subscription, attach to user
  • customer.subscription.updated β€” plan change, mid-cycle upgrade/downgrade
  • customer.subscription.deleted β€” cancellation, revert to FREE plan
  • invoice.payment_succeeded β€” extend access for next period
  • invoice.payment_failed β€” flag account, send email, eventual downgrade
  • charge.refunded β€” credit ledger and update audit trail

Verification: every request must carry a valid Stripe-Signature header. Unverified requests get 400.

# Stripe sends:
POST https://api.restorehub.net/api/billing/webhook
Stripe-Signature: t=1714000000,v1=...,v0=...
Content-Type: application/json

# We verify with stripe.webhooks.constructEvent(rawBody, sig, secret).
# Reject = 400. Accept = process and 200.

OxaPay β€” POST /api/oxapay/webhook

OxaPay handles cryptocurrency payments. The endpoint verifies the request hash against the merchant secret, then activates a subscription or extends a plan based on the invoice status.

States we handle:

  • Paid β€” confirmed crypto payment, activate plan
  • Confirming β€” txn submitted, no action yet
  • Expired / Failed β€” clean up the pending invoice record
# OxaPay sends:
POST https://api.restorehub.net/api/oxapay/webhook
HMAC: <hex digest of body using merchant secret>
Content-Type: application/json

# We re-compute the HMAC server-side and compare timing-safely.

Security model

Both endpoints are public but protected by:

  • Cryptographic signature verification on every request
  • Idempotency: replaying the same event has no additional effect
  • Rate limiting at the load balancer
  • Audit-log entries on every state change

Outbound webhooks (roadmap)

Outbound webhooks β€” Restore Hub calling your server when something happens (member verified, backup completed, etc.) β€” are on the roadmap. For now, poll the API or use the MCP server from inside an agent loop.

Previous

MCP Server

Next

API Reference

Webhooks β€” Restore Hub | Restore Hub