Webhooks provide reliable backend processing. While frontend callbacks offer instant UX feedback, webhooks ensure events are processed even when users close tabs or lose network connection.
Setting Up a Webhook Endpoint
Create an API route to receive webhook events. Lava signs every request with HMAC SHA-256 via theX-Webhook-Signature header — always verify this before processing.
- Next.js
- Express
app/api/webhooks/lava/route.ts
Register in Dashboard
- Go to Monetize > Webhooks in the Lava dashboard
- Click “Add Endpoint” and enter your webhook URL
- Select events to receive
- Copy the Webhook Secret and add to your environment:
Multiple endpoints supported. You can register different URLs for different event types.
Verifying Signatures
If you need a standalone verification function (e.g., for a shared utility), here it is in Node.js and Python:- Node.js
- Python
Event Types
All events deliver the same payload structure with acustomer object:
The top-level key is
event (not type). The subscription field is null for customers without an active subscription.customer.created
Fired when a customer completes checkout and a new customer record is established. Use this to:- Store the
customer_idin your database, linked to your internal user - Map the customer by email or phone to your user record
- Send a welcome email or enable access to your service
customer.wallet.balance.updated
Fired when a customer’s wallet balance changes — after API usage is charged, a payment is made, or credits are added. Use this to:- Check subscription credits to gate features when credits run out
- Notify users when their balance is low
- Track spending patterns
customer.deleted
Fired when a customer is deleted by the customer or merchant. Use this to:- Revoke access in your application
- Clean up the stored
customer_idin your database
Delivery Behavior
Testing Locally
- ngrok (Recommended)
- Test Script
Expose your local endpoint with a tunnel:Then register the ngrok URL in the Lava dashboard:
https://abc123.ngrok.io/api/webhooks/lavaTroubleshooting
Signature verification failing
Signature verification failing
Common causes:
- Using parsed JSON body instead of raw body string
- Express middleware (
express.json()) parsing body before verification - Incorrect webhook secret in environment variables
- Use
express.raw()middleware for webhook routes - In Next.js, use
req.text()to get the raw body - Verify
LAVA_WEBHOOK_SECRETmatches the value in your dashboard
Webhooks not being received
Webhooks not being received
- Webhook URL must be publicly accessible (not
localhost) - Endpoint must return a
200status code - Check for firewalls blocking inbound requests
- Verify events are selected and endpoint is enabled in dashboard
Webhooks timing out
Webhooks timing out
- Return
200immediately — don’t block on heavy processing - Move long-running operations to a background job queue
- Check that your endpoint responds within 10 seconds
Duplicate events received
Duplicate events received
- Implement idempotency using
customer_id+ event type as a dedup key - Check if event was already processed before handling
- Use a database unique constraint on the dedup key
Next Steps
Checkout
Set up checkout flow that triggers webhook events
Forward Proxy & Authentication
Generate forward tokens from webhook customer data