# How crypto payment webhooks work

Canonical: https://apa.app/resources/guides/crypto-payment-webhooks
Category: Developers

How ecommerce stores should use signed webhooks to update order status after crypto payments.

Crypto checkout is not a single synchronous card authorization. A customer signs a wallet transaction, the payment is detected, routes may complete, and the final state is delivered back to the merchant backend.

## Use webhooks for order truth

Your backend should not rely only on the customer's browser redirect. Redirects are useful for customer experience, but signed webhooks are the reliable way to update order state.

Apa webhook events include payment status changes so your backend can fulfil only after the payment reaches a successful terminal state.

## Verify signatures

A webhook endpoint should verify the signature header with the endpoint signing secret before trusting the body. This prevents random requests from changing order state.

## Handle retries

Webhook delivery can fail if your server is down or slow. Design idempotent handlers: store event ids, ignore duplicates and make order updates safe to retry.

## FAQ

### Should my store trust the success redirect?

No. Use the redirect for customer UX and the signed webhook for backend order state.

### What payment status should fulfil an order?

A terminal success state such as paid. Pending and routing are not final.