Payment Service Providers (PSPs) must send webhooks to Wix to confirm payment and refund events and to notify Wix about any changes to a payment or refund status. Webhooks are sent using the Submit Event API. This article includes general information about sending webhooks. For details about when in the payment and refund flows to send webhooks, see Processing Payments and Processing Refunds.

We created a code example using Node.js that demonstrates how to send webhooks. You can use this code as a reference when you implement your own validation logic.


Every call to the Submit Event API must include an Authorization header with an access token as its value.

Before you can obtain an access token, your Wix Developers Center app must have the appropriate permissions. To get these permissions, contact the Wix Payments team and confirm that your app has the CASHIER.GET_ACCESS permission.

To obtain an access token, send a POST request to this endpoint:

Copy Code

Include this header:

Copy Code
Content-Type: application/json,

The body of the request must be a JSON object with following format:

Copy Code
"grant_type" : "client_credentials",
"client_id" : <APP_ID>,
"client_secret" : <APP_SECRET_KEY>

You can find your app's ID and secret key in the Wix Developers Center.

The response to the request has a body with the following format:

Copy Code
"refresh_token": null,
"access_token" : <ACCESS_TOKEN>

Use the value for access_token as the value for the Authorization header in your Submit Event requests.


  • Don't cache access tokens. Obtain a new one for each webhook you send.
  • These access tokens are only valid for the Submit Event API. You can't use them for other Wix APIs.
  • Access tokens retrieved using different "grant_type" values can't be used to send webhooks.

Sending webhooks

To send a webhook, send a request to the Submit Event API with the following format:

Copy Code
curl -v -X POST \
'https://www.wixapis.com/payments/v1/provider-platform-events' \
-H 'Content-Type: application/json' \
-H 'Authorization: <ACCESS_TOKEN>' \
-d '{
"event" : { <EVENT_OBJECT> }

If the webhook is received successfully, the response has a status code of 200, the Content-Type header's value is application/json, and the response body is an empty JSON object. Any other response indicates that the webhook wasn't received. In this case, retry sending the webhook later.

Note: When you send currency values in your webhook data, use the minor currency units described in the currencies table.

Was this helpful?