Webhooks Reference

This reference provides an overview of the Getnet Webhook system, including authentication methods, available event types, API endpoints, and webhook payload structures. For detailed API endpoint documentation with request/response schemas, parameters, and examples, refer to the API Reference documentation.

Getnet sends webhook notifications as HTTP POST requests with JSON payloads. All timestamps use ISO 8601 format, and monetary amounts are in the smallest currency unit (cents for BRL).

Authentication

When creating a webhook subscription, you must specify how Getnet should authenticate when posting to your endpoint. The Webhook Management API supports three authentication methods:

1. User Credentials (Basic Auth)

Use this method when your webhook endpoint validates requests using HTTP Basic Authentication. Getnet will include a standard Authorization: Basic header composed of the credentials you provide.

Configuration:

json

{
  "authentication_type": "user_credentials",
  "authentication_data": {
    "user": "your_client_id",
    "password": "your_client_secret"
  }
}

json

{
  "authentication_type": "user_credentials",
  "authentication_data": {
    "user": "your_client_id",
    "password": "your_client_secret"
  }
}

When Getnet sends webhooks to your endpoint, it will include:

text

Authorization: Basic {base64_encoded_user:password}

text

Authorization: Basic {base64_encoded_user:password}

2. OAuth 2.0

Use this method when your webhook endpoint expects OAuth 2.0 Bearer tokens. Getnet will execute the full OAuth 2.0 client credentials flow on your behalf before each webhook delivery.

Configuration:

json

{
  "authentication_type": "oauth",
  "authentication_data": {
    "oauth_url": "https://auth.provider.com/token",
    "client_id": "your_client_id",
    "client_secret": "your_client_secret",
    "credentials_location": "basic_auth_header",
    "token_key_name": "access_token"
  }
}

json

{
  "authentication_type": "oauth",
  "authentication_data": {
    "oauth_url": "https://auth.provider.com/token",
    "client_id": "your_client_id",
    "client_secret": "your_client_secret",
    "credentials_location": "basic_auth_header",
    "token_key_name": "access_token"
  }
}

Configuration fields:

Field	Type	Required	Description
`oauth_url`	string	Yes	OAuth token endpoint URL
`client_id`	string	Yes	OAuth client ID
`client_secret`	string	Yes	OAuth client secret
`credentials_location`	string	No	Where to send credentials: `basic_auth_header` (default) or `body`
`token_key_name`	string	No	Key name in token response (default: `access_token`)

When Getnet sends webhooks, it will:

Request a token from your OAuth server using the provided credentials
Extract the token from the response using token_key_name
Include it in the webhook request: Authorization: Bearer {token}

3. Token (Bearer Token)

Use this method when you want Getnet to use a Bearer token obtained from the Getnet Authentication API. This token is the same one you use to authenticate API requests to Getnet.

Configuration:

json

{
  "authentication_type": "token",
  "authentication_data": {
    "token": "your_bearer_token_from_getnet_auth_api"
  }
}

json

{
  "authentication_type": "token",
  "authentication_data": {
    "token": "your_bearer_token_from_getnet_auth_api"
  }
}

Note: The token is obtained from the Getnet Authentication API endpoint (/authentication/oauth2/access_token) using your client_id and client_secret. This is the same token you use for other Getnet API requests. See the Authentication documentation for details on obtaining tokens from the authentication endpoint.

When Getnet sends webhooks, it will include:

text

Authorization: Bearer {token}

text

Authorization: Bearer {token}

Event Types

Getnet webhooks support the following event types. Each event type corresponds to a specific transaction state or action:

Event Type	Description
`APPROVED_TRANSACTIONS`	Payment transaction has been successfully approved
`REJECTED_TRANSACTIONS`	Payment transaction was rejected or denied
`CAPTURED_TRANSACTIONS`	Pre-authorized payment has been captured
`CANCELLED_TRANSACTIONS`	Transaction has been cancelled
`REFUNDED_TRANSACTIONS`	Transaction has been refunded
`CARD_UPDATE`	Card details updated via Network Token or Account Updater

When creating a webhook subscription, you specify which event type(s) you want to receive. You can create multiple subscriptions for different event types or handle all events at a single endpoint.

Webhook Management API Overview

The Webhook Management API provides endpoints to manage your webhook subscriptions programmatically. For complete endpoint documentation including request/response schemas, parameters, error codes, and examples, see the API Reference.

Available Endpoints

Endpoint	Method	Description
`POST /subscriptions`	POST	Create a new webhook subscription
`GET /subscriptions/{subscription_id}`	GET	Retrieve webhook subscriptions for a specific subscription ID
`DELETE /subscriptions/{subscription_id}`	DELETE	Delete a webhook subscription
`GET /subscriptions/{subscription_id}/events`	GET	List event messages for a subscription with pagination
`PATCH /subscriptions/{subscription_id}/events/{event_id}`	PATCH	Resend a specific webhook event message
`GET /subscriptions-events`	GET	List all available event types that can be subscribed to

Base URL

All webhook management endpoints are available at:

text

https://api.gettech.com/webhooks/v1

text

https://api.gettech.com/webhooks/v1

For detailed information about each endpoint, including:

Request and response schemas
Required and optional parameters
Query parameters and pagination
Error responses and status codes
Example requests and responses

Refer to the API Reference documentation.

Webhook Event Payloads

When a subscribed event occurs, Getnet sends an HTTP POST request to your callback_url with a JSON payload containing the event data. The payload structure varies depending on the event type.

APPROVED_TRANSACTIONS

Sent when a payment transaction has been successfully approved.

Example Payload:

json

{
  "idempotency_key": "63c7f8ee-51a6-470d-bb76-ef762b62bfb7",
  "seller_id": "9406df6c-3100-49ba-b4df-d81c1ad8a62b",
  "request_id": "daac03dc-73db-453f-9bea-b1391669d5d3",
  "payment_id": "2c341d28-491b-4cf8-aec7-eeb60136b7a5",
  "order_id": "ORDER-10187383",
  "amount": "11870",
  "currency": "BRL",
  "status": "APPROVED",
  "payment_method": "CREDIT",
  "received_at": "2025-11-13T14:30:00.000Z",
  "transaction_id": "123456789012",
  "original_transaction_id": null,
  "authorized_at": "2025-11-13T14:30:00.000Z",
  "reason_code": "00",
  "reason_message": "TRANSACTION EXECUTED SUCCESSFULLY",
  "acquirer": "GETNET",
  "soft_descriptor": "LOJA*TESTE*COMPRA",
  "brand": "Visa",
  "authorization_code": "123456",
  "acquirer_transaction_id": "987654321",
  "eci": "05",
  "payment_received_timestamp": "2025-11-13T14:30:00.000Z",
  "card_id": "e8ad2ae4-9e3e-4532-998f-1a5a11e56e58",
  "merchant_advice_code": null,
  "additional_data": {}
}

json

{
  "idempotency_key": "63c7f8ee-51a6-470d-bb76-ef762b62bfb7",
  "seller_id": "9406df6c-3100-49ba-b4df-d81c1ad8a62b",
  "request_id": "daac03dc-73db-453f-9bea-b1391669d5d3",
  "payment_id": "2c341d28-491b-4cf8-aec7-eeb60136b7a5",
  "order_id": "ORDER-10187383",
  "amount": "11870",
  "currency": "BRL",
  "status": "APPROVED",
  "payment_method": "CREDIT",
  "received_at": "2025-11-13T14:30:00.000Z",
  "transaction_id": "123456789012",
  "original_transaction_id": null,
  "authorized_at": "2025-11-13T14:30:00.000Z",
  "reason_code": "00",
  "reason_message": "TRANSACTION EXECUTED SUCCESSFULLY",
  "acquirer": "GETNET",
  "soft_descriptor": "LOJA*TESTE*COMPRA",
  "brand": "Visa",
  "authorization_code": "123456",
  "acquirer_transaction_id": "987654321",
  "eci": "05",
  "payment_received_timestamp": "2025-11-13T14:30:00.000Z",
  "card_id": "e8ad2ae4-9e3e-4532-998f-1a5a11e56e58",
  "merchant_advice_code": null,
  "additional_data": {}
}

Field Descriptions:

Field	Type	Description
`idempotency_key`	string	Idempotency key used to control requests
`seller_id`	string	Seller identification
`request_id`	string	Request identifier. Unique for each request
`payment_id`	string	Payment identifier
`order_id`	string	Purchase identification code used by e-commerce
`amount`	string	Transaction amount
`currency`	string	Currency code (e.g., "BRL", "USD")
`status`	string	Transaction status (e.g., "APPROVED")
`payment_method`	string	Payment method used (e.g., "CREDIT", "DEBIT")
`received_at`	string	Timestamp when payment was received
`transaction_id`	string	Transaction identifier
`original_transaction_id`	string	Original transaction identifier (for refunds/cancellations)
`authorized_at`	string	Timestamp when transaction was authorized
`reason_code`	string	Return code from the sender or the getnet capture system
`reason_message`	string	Return message from the sender or the getnet capture system
`acquirer`	string	Acquirer name
`soft_descriptor`	string	Soft descriptor shown on card statement
`brand`	string	Card brand (e.g., "Visa", "Mastercard")
`authorization_code`	string	Authorization code
`acquirer_transaction_id`	string	Acquirer transaction identifier
`eci`	string	Electronic Commerce Indicator
`payment_received_timestamp`	string	Payment received timestamp
`card_id`	string	Card identifier saved in vault (if applicable)
`boleto`	object	Boleto payment details (if applicable)
`merchant_advice_code`	string	Merchant advice code (if applicable)
`additional_data`	object	Additional data

REJECTED_TRANSACTIONS

Sent when a payment transaction has been rejected or denied.

Example Payload:

json

{
  "idempotency_key": "63c7f8ee-51a6-470d-bb76-ef762b62bfb7",
  "seller_id": "9406df6c-3100-49ba-b4df-d81c1ad8a62b",
  "request_id": "daac03dc-73db-453f-9bea-b1391669d5d3",
  "payment_id": "2c341d28-491b-4cf8-aec7-eeb60136b7a5",
  "order_id": "ORDER-10187383",
  "amount": "11870",
  "currency": "BRL",
  "status": "REJECTED",
  "payment_method": "CREDIT",
  "received_at": "2025-11-13T14:30:00.000Z",
  "transaction_id": "123456789012",
  "original_transaction_id": null,
  "authorized_at": null,
  "reason_code": "51",
  "reason_message": "INSUFFICIENT FUNDS",
  "acquirer": "GETNET",
  "soft_descriptor": "LOJA*TESTE*COMPRA",
  "brand": "Visa",
  "authorization_code": null,
  "acquirer_transaction_id": null,
  "eci": null,
  "payment_received_timestamp": "2025-11-13T14:30:00.000Z",
  "card_id": null,
  "merchant_advice_code": null,
  "additional_data": {}
}

json

{
  "idempotency_key": "63c7f8ee-51a6-470d-bb76-ef762b62bfb7",
  "seller_id": "9406df6c-3100-49ba-b4df-d81c1ad8a62b",
  "request_id": "daac03dc-73db-453f-9bea-b1391669d5d3",
  "payment_id": "2c341d28-491b-4cf8-aec7-eeb60136b7a5",
  "order_id": "ORDER-10187383",
  "amount": "11870",
  "currency": "BRL",
  "status": "REJECTED",
  "payment_method": "CREDIT",
  "received_at": "2025-11-13T14:30:00.000Z",
  "transaction_id": "123456789012",
  "original_transaction_id": null,
  "authorized_at": null,
  "reason_code": "51",
  "reason_message": "INSUFFICIENT FUNDS",
  "acquirer": "GETNET",
  "soft_descriptor": "LOJA*TESTE*COMPRA",
  "brand": "Visa",
  "authorization_code": null,
  "acquirer_transaction_id": null,
  "eci": null,
  "payment_received_timestamp": "2025-11-13T14:30:00.000Z",
  "card_id": null,
  "merchant_advice_code": null,
  "additional_data": {}
}

Field Descriptions:

Field	Type	Description
`idempotency_key`	string	Idempotency key used to control requests
`seller_id`	string	Seller identification
`request_id`	string	Request identifier. Unique for each request
`payment_id`	string	Payment identifier
`order_id`	string	Purchase identification code used by e-commerce
`amount`	string	Transaction amount
`currency`	string	Currency code (e.g., "BRL", "USD")
`status`	string	Transaction status (e.g., "REJECTED")
`payment_method`	string	Payment method used (e.g., "CREDIT", "DEBIT")
`received_at`	string	Timestamp when payment was received
`transaction_id`	string	Transaction identifier
`original_transaction_id`	string	Original transaction identifier (for refunds/cancellations)
`authorized_at`	string	Timestamp when transaction was authorized (may be null)
`reason_code`	string	Return code from the sender or the getnet capture system
`reason_message`	string	Return message from the sender or the getnet capture system
`acquirer`	string	Acquirer name
`soft_descriptor`	string	Soft descriptor shown on card statement
`brand`	string	Card brand (e.g., "Visa", "Mastercard")
`authorization_code`	string	Authorization code (may be null)
`acquirer_transaction_id`	string	Acquirer transaction identifier (may be null)
`eci`	string	Electronic Commerce Indicator (may be null)
`payment_received_timestamp`	string	Payment received timestamp
`card_id`	string	Card identifier saved in vault (if applicable, may be null)
`boleto`	object	Boleto payment details (if applicable)
`merchant_advice_code`	string	Merchant advice code (if applicable, may be null)
`additional_data`	object	Additional data

REFUNDED_TRANSACTIONS

Sent when a transaction has been refunded.

Example Payload:

json

{
  "idempotency_key": "63c7f8ee-51a6-470d-bb76-ef762b62bfb7",
  "seller_id": "9406df6c-3100-49ba-b4df-d81c1ad8a62b",
  "request_id": "daac03dc-73db-453f-9bea-b1391669d5d3",
  "payment_id": "2c341d28-491b-4cf8-aec7-eeb60136b7a5",
  "order_id": "ORDER-10187383",
  "amount": 8900,
  "currency": "BRL",
  "status": "REFUNDED",
  "reason_code": "00",
  "reason_message": "TRANSACTION EXECUTED SUCCESSFULLY",
  "canceled_at": "2025-11-13T15:30:00.000Z",
  "custom_key": "20200630-8900"
}

json

{
  "idempotency_key": "63c7f8ee-51a6-470d-bb76-ef762b62bfb7",
  "seller_id": "9406df6c-3100-49ba-b4df-d81c1ad8a62b",
  "request_id": "daac03dc-73db-453f-9bea-b1391669d5d3",
  "payment_id": "2c341d28-491b-4cf8-aec7-eeb60136b7a5",
  "order_id": "ORDER-10187383",
  "amount": 8900,
  "currency": "BRL",
  "status": "REFUNDED",
  "reason_code": "00",
  "reason_message": "TRANSACTION EXECUTED SUCCESSFULLY",
  "canceled_at": "2025-11-13T15:30:00.000Z",
  "custom_key": "20200630-8900"
}

Field Descriptions:

Field	Type	Description
`idempotency_key`	string	Idempotency key, used to control requests (1-64 characters)
`seller_id`	string	ECommerce identification code (UUID, 36 characters)
`request_id`	string	Request identifier. Unique for each request (UUID, 36 characters)
`payment_id`	string	Payment identifier (UUID, 36 characters)
`order_id`	string	Purchase identification code used by e-commerce
`amount`	number	Purchase value in cents
`currency`	string	Currency identification (e.g., "BRL")
`status`	string	Transaction status
`reason_code`	string	Return code from the sender or the getnet capture system (2 chars)
`reason_message`	string	Return message from the sender or the getnet capture system
`canceled_at`	string	Cancellation/refund date (ISO 8601 format)
`custom_key`	string	Customer key used to identify the refund request (3-32 chars)

CANCELLED_TRANSACTIONS

Sent when a transaction has been cancelled.

Example Payload:

json

{
  "idempotency_key": "63c7f8ee-51a6-470d-bb76-ef762b62bfb7",
  "seller_id": "9406df6c-3100-49ba-b4df-d81c1ad8a62b",
  "request_id": "daac03dc-73db-453f-9bea-b1391669d5d3",
  "payment_id": "2c341d28-491b-4cf8-aec7-eeb60136b7a5",
  "order_id": "ORDER-10187383",
  "amount": 8900,
  "currency": "BRL",
  "status": "CANCELLED",
  "reason_code": "00",
  "reason_message": "TRANSACTION CANCELLED SUCCESSFULLY",
  "canceled_at": "2025-11-13T15:30:00.000Z",
  "custom_key": "20200630-8900"
}

json

{
  "idempotency_key": "63c7f8ee-51a6-470d-bb76-ef762b62bfb7",
  "seller_id": "9406df6c-3100-49ba-b4df-d81c1ad8a62b",
  "request_id": "daac03dc-73db-453f-9bea-b1391669d5d3",
  "payment_id": "2c341d28-491b-4cf8-aec7-eeb60136b7a5",
  "order_id": "ORDER-10187383",
  "amount": 8900,
  "currency": "BRL",
  "status": "CANCELLED",
  "reason_code": "00",
  "reason_message": "TRANSACTION CANCELLED SUCCESSFULLY",
  "canceled_at": "2025-11-13T15:30:00.000Z",
  "custom_key": "20200630-8900"
}

Field Descriptions:

Field	Type	Description
`idempotency_key`	string	Idempotency key, used to control requests (1-64 characters)
`seller_id`	string	ECommerce identification code (UUID, 36 characters)
`request_id`	string	Request identifier. Unique for each request (UUID, 36 characters)
`payment_id`	string	Payment identifier (UUID, 36 characters)
`order_id`	string	Purchase identification code used by e-commerce
`amount`	number	Purchase value in cents
`currency`	string	Currency identification (e.g., "BRL")
`status`	string	Transaction status
`reason_code`	string	Return code from the sender or the getnet capture system (2 chars)
`reason_message`	string	Return message from the sender or the getnet capture system
`canceled_at`	string	Cancellation date (ISO 8601 format)
`custom_key`	string	Customer key used to identify the cancellation request (3-32 chars)

CAPTURED_TRANSACTIONS

Sent when a pre-authorized payment has been captured.

Example Payload:

json

{
  "idempotency_key": "63c7f8ee-51a6-470d-bb76-ef762b62bfb7",
  "seller_id": "9406df6c-3100-49ba-b4df-d81c1ad8a62b",
  "request_id": "daac03dc-73db-453f-9bea-b1391669d5d3",
  "payment_id": "2c341d28-491b-4cf8-aec7-eeb60136b7a5",
  "order_id": "ORDER-10187383",
  "amount": 8900,
  "currency": "BRL",
  "status": "CAPTURED",
  "reason_code": "00",
  "reason_message": "TRANSACTION EXECUTED SUCCESSFULLY",
  "captured_at": "2025-11-13T16:00:00.000Z"
}

json

{
  "idempotency_key": "63c7f8ee-51a6-470d-bb76-ef762b62bfb7",
  "seller_id": "9406df6c-3100-49ba-b4df-d81c1ad8a62b",
  "request_id": "daac03dc-73db-453f-9bea-b1391669d5d3",
  "payment_id": "2c341d28-491b-4cf8-aec7-eeb60136b7a5",
  "order_id": "ORDER-10187383",
  "amount": 8900,
  "currency": "BRL",
  "status": "CAPTURED",
  "reason_code": "00",
  "reason_message": "TRANSACTION EXECUTED SUCCESSFULLY",
  "captured_at": "2025-11-13T16:00:00.000Z"
}

Field Descriptions:

Field	Type	Description
`idempotency_key`	string	Idempotency key, used to control requests (1-64 characters)
`seller_id`	string	ECommerce identification code (UUID, 36 characters)
`request_id`	string	Request identifier. Unique for each request (UUID, 36 characters)
`payment_id`	string	Payment identifier (UUID, 36 characters)
`order_id`	string	Purchase identification code used by e-commerce
`amount`	number	Purchase value in cents
`currency`	string	Currency identification (e.g., "BRL")
`status`	string	Transaction status
`reason_code`	string	Return code from the sender or the getnet capture system (2 chars)
`reason_message`	string	Return message from the sender or the getnet capture system
`captured_at`	string	Capture date (ISO 8601 format)

CARD_UPDATE

Sent when card details are updated via Network Token or Account Updater services.

Example Payload:

json

{
  "card_id": "e8ad2ae4-9e3e-4532-998f-1a5a11e56e58",
  "last_four_digits": "1212",
  "bin": "121212",
  "expiration_month": 12,
  "expiration_year": 28,
  "brand": "Mastercard",
  "cardholder_name": "JOAO DA SILVA",
  "customer_id": "customer_21081826",
  "number_token": "dfe05208b105578c070f806c80abd3af09e246827d29b866cf4ce16c205849977c9496cbf0d0234f42339937f327747075f68763537b90b31389e01231d4d13c",
  "used_at": "2017-04-19T16:30:30Z",
  "created_at": "2017-04-19T16:30:30Z",
  "updated_at": "2017-04-19T16:30:30Z",
  "status": "active",
  "transaction_id": "123456"
}

json

{
  "card_id": "e8ad2ae4-9e3e-4532-998f-1a5a11e56e58",
  "last_four_digits": "1212",
  "bin": "121212",
  "expiration_month": 12,
  "expiration_year": 28,
  "brand": "Mastercard",
  "cardholder_name": "JOAO DA SILVA",
  "customer_id": "customer_21081826",
  "number_token": "dfe05208b105578c070f806c80abd3af09e246827d29b866cf4ce16c205849977c9496cbf0d0234f42339937f327747075f68763537b90b31389e01231d4d13c",
  "used_at": "2017-04-19T16:30:30Z",
  "created_at": "2017-04-19T16:30:30Z",
  "updated_at": "2017-04-19T16:30:30Z",
  "status": "active",
  "transaction_id": "123456"
}

Field Descriptions:

Field	Type	Description
`card_id`	string	Card identifier saved in the safe (max 36 chars)
`last_four_digits`	string	Last four digits of the card (max 4 chars)
`bin`	string	First six digits of the card (max 6 chars)
`expiration_month`	integer	Two-digit card expiration month (1-12)
`expiration_year`	integer	Two-digit card expiration year
`brand`	string	Card banner (Mastercard, Visa, Amex, Elo, Hipercard)
`cardholder_name`	string	Buyer's name printed on the card (max 26 chars)
`customer_id`	string	Buyer identifier (max 100 chars)
`number_token`	string	Card token that will be used in transactions (max 128 chars)
`used_at`	string	Date of last use (ISO 8601 format)
`created_at`	string	Creation date (ISO 8601 format)
`updated_at`	string	Update date (ISO 8601 format)
`status`	string	Card status in the safe (active, blocked, canceled, renewed)
`transaction_id`	string	Card Verification Transaction ID (max 32 chars)

CHARGEBACK_NEEDS_RESPONSE

The CHARGEBACK_NEEDS_RESPONSE event is fired when a new chargeback is registered on the platform and the merchant must take action. The notification payload is an array of dispute objects. When more than 100 disputes are pending notification, they are delivered in batches of up to 100 items per request.

Upon receiving this event, the recommended flow is:

Extract the dispute_id from each item in the array.
Call 4.7 Chargeback Details to retrieve the full dispute data (see the Chargeback API reference page for details).
Upload supporting evidence via 4.8 Documents (see the Chargeback API reference page for details).
Submit the contestation via POST /disputes/{dispute_id}/evidences.

Example payload:

json

[
  {
    "idempotency_key": "a3f9c12e-8b47-4d02-bc1e-9f2d3a4e5b67",
    "dispute_id": "f4b8b62e-4825-4f98-b6ff-7d7bdf7cdba8",
    "affiliation_code": "674179",
    "event_type": "CHARGEBACK_NEEDS_RESPONSE",
    "cycle": "first_chargeback",
    "dispute_status": "needs_response",
    "merchant_status": "merchant_notified",
    "merchant_expiration_date": "2024-02-24T23:59:59.000Z",
    "reason_code": "4853",
    "amount": 20000,
    "currency": "MXN",
    "transaction_date": "2024-01-15T10:22:00.000Z",
    "acquirer_reference_number": "40397095747133411680659"
  }
]

json

[
  {
    "idempotency_key": "a3f9c12e-8b47-4d02-bc1e-9f2d3a4e5b67",
    "dispute_id": "f4b8b62e-4825-4f98-b6ff-7d7bdf7cdba8",
    "affiliation_code": "674179",
    "event_type": "CHARGEBACK_NEEDS_RESPONSE",
    "cycle": "first_chargeback",
    "dispute_status": "needs_response",
    "merchant_status": "merchant_notified",
    "merchant_expiration_date": "2024-02-24T23:59:59.000Z",
    "reason_code": "4853",
    "amount": 20000,
    "currency": "MXN",
    "transaction_date": "2024-01-15T10:22:00.000Z",
    "acquirer_reference_number": "40397095747133411680659"
  }
]

Payload field descriptions:

Field	Type	Description
`idempotency_key`	string (UUID)	Unique key per delivery — use to deduplicate events processed more than once
`dispute_id`	string (UUID)	The dispute identifier — use in all subsequent API calls
`affiliation_code`	string	Merchant affiliation code used by the card brand
`event_type`	string	Always `CHARGEBACK_NEEDS_RESPONSE` for this event
`cycle`	string	The active dispute cycle (e.g., `first_chargeback`, `retrieval_request`)
`dispute_status`	string	Always `needs_response` at notification time
`merchant_status`	string	Always `merchant_notified` at notification time
`merchant_expiration_date`	string (ISO 8601)	Deadline by which the merchant must respond
`reason_code`	string	Reason code assigned by the card brand (see Section 7)
`amount`	number	Disputed amount in the smallest currency unit (e.g., cents)
`currency`	string	ISO 4217 alpha-3 currency code (e.g., `MXN`, `BRL`, `CLP`)
`transaction_date`	string (ISO 8601)	Date and time of the original disputed transaction
`acquirer_reference_number`	string	Acquirer reference number (ARN) for the transaction

Batching: If more than 100 disputes are queued for notification, Getnet delivers them in multiple requests, each containing up to 100 items in the array.

Response Requirements

Your webhook endpoint must:

Accept HTTP POST requests
Use HTTPS with a valid SSL certificate
Respond with HTTP status code 204 (No Content) to acknowledge successful receipt
Handle authentication as configured in your subscription

If your endpoint returns any status code other than 204, Getnet will consider the delivery failed and may retry the webhook delivery.

Important Notes

Idempotency: All webhook payloads include an idempotency_key. Your endpoint should be idempotent and handle duplicate deliveries gracefully.
Response Code: Your webhook endpoint must respond with HTTP 204 (No Content) to acknowledge successful receipt. Any other status code will be considered a failure.
Timestamps: All timestamps are in ISO 8601 format (e.g., 2025-11-13T14:30:00.000Z).
Amounts: Monetary amounts are represented in the smallest currency unit (cents for BRL).
Optional Fields: Some fields may be null or omitted depending on the transaction type and payment method.
Retry Logic: If your endpoint doesn't respond with 204, Getnet will retry the webhook delivery.

On this page

Webhooks Reference

First Steps

Core Concepts

Card Payment Guides

Alternative Payment Methods

Reference

Webhooks

Payment methods

Webhooks Reference

Authentication

1. User Credentials (Basic Auth)

2. OAuth 2.0

3. Token (Bearer Token)

Event Types

Webhook Management API Overview

Available Endpoints

Base URL

Webhook Event Payloads

APPROVED_TRANSACTIONS

REJECTED_TRANSACTIONS

REFUNDED_TRANSACTIONS

CANCELLED_TRANSACTIONS

CAPTURED_TRANSACTIONS

CARD_UPDATE

CHARGEBACK_NEEDS_RESPONSE

Response Requirements

Important Notes