What happens when a webhook delivery fails?

Most providers retry with exponential backoff (e.g., 1 min, 5 min, 30 min, 2 hours). After a set number of retries (typically 5-10), the webhook is marked as failed.

How do I verify webhook signatures?

Compute an HMAC-SHA256 of the raw request body using your webhook secret, then compare it to the signature header sent by the provider. Use constant-time comparison to prevent timing attacks.

Webhook Delivery Errors — Troubleshooting Failed HTTP Callbacks

Error5xx server error

Overview

Fix webhook delivery failures including timeout errors, SSL issues, and retry handling for reliable event-driven HTTP callback integrations.

Key Details

Webhooks are HTTP POST callbacks triggered by events in a source system
Delivery failures occur when the receiving endpoint is unreachable, slow, or returns non-2xx status
Most webhook providers implement exponential backoff retry strategies
Failed webhooks can cause data synchronization gaps between systems
Payload signature verification failures are a common cause of rejected webhooks

Common Causes

Receiving endpoint returning 5xx errors or timing out beyond the provider's limit (typically 5-30 seconds)
SSL certificate errors on the receiving endpoint preventing HTTPS connections
Firewall or WAF blocking incoming webhook POST requests from provider IP ranges
Payload signature verification mismatch due to incorrect webhook secret configuration

Steps

1Check your endpoint logs for incoming requests — if none appear, the issue is network-level (firewall/DNS)
2Verify SSL certificate validity on your endpoint using 'openssl s_client -connect yourdomain.com:443'
3Ensure your endpoint responds within the provider's timeout limit — offload processing to a background queue
4Whitelist the webhook provider's IP ranges in your firewall and WAF rules
5Verify the webhook secret matches between provider settings and your verification code