Skip to main content
When a pay-in or payout transaction is processed, our system will send a callback (also known as a webhook) to a URL that you provide in your initial request. This callback informs your application about the final status of the transaction, whether it was successful or failed.

Callback Verification

Every callback originates from a fixed IP address so you can confidently filter traffic before running any business logic.
Accept callback requests only when the source IP matches the environment you are targeting—staging 3.6.153.201, production 13.200.180.36. Reject or ignore every other IP to prevent spoofed updates.
1

Inspect the request IP

Check the incoming request’s remote address (e.g., from your load balancer headers or application server logs).
2

Match against the allowlist

Compare the IP to the correct environment:
  • Staging: 3.6.153.201
  • Production: 13.200.180.36
3

Permit or reject

Process the callback only when the IP matches the allowlist entry; otherwise, return a 403 (or silently drop) before parsing the payload.

Setting Up a Local Tunnel for Testing

To test callbacks during local development, your application running on localhost needs to be accessible from the public internet. Tools like ngrok can create a secure tunnel to your local machine.
1

Install ngrok

Follow the installation instructions on the ngrok website.
2

Run Your Local Server

Start the web server for your application on a specific port (e.g., 8000).
3

Start ngrok

Open a new terminal window and start ngrok to forward a public URL to your local port.
ngrok http 8000
4

Use the Forwarding URL

Ngrok will provide you with a public URL (e.g., https://random-string.ngrok.io). Use this URL as the callback_url when you make a pay-in or payout request. All callbacks will now be sent to your local application.

Callback Requests

We will send a POST request to your specified callback URL with a JSON body containing the transaction details.
If your callback URL does not respond with a 200 status code, we will retry the request up to 3 times, with a 30-second interval between each attempt. We only consider the callback successfully delivered upon receiving a 200 response.
POST /your-callback-endpoint HTTP/1.1
Host: your-domain.com
Content-Type: application/json
User-Agent: Payzio-Callback-Service

{
  "amount": 500,
  "utr": "TESTUTR123",
  "payment_id": "GYrQ1SrDMF8awMDqgkl7Brw1uG2zqkq9",
  "status": "SUCCESS",
}

Pay-in Callbacks

Here are the possible request bodies for a pay-in callback. 
{
  "amount": 500,
  "utr": "TESTUTR123",
  "payment_id": "GYrQ1SrDMF8awMDqgkl7Brw1uG2zqkq9",
  "status": "SUCCESS"
}

{
  "amount": 500,
  "utr": "TESTUTR123",
  "payment_id": "g9RUutDeYmxIreY3Xw4tieKVS6eZqRuR",
  "status": "FAILED"
}

Payout Callbacks

Here are the possible request bodies for a payout callback. 
{
  "amount": 1,
  "utr": "TESTUTR456",
  "payment_id": "WDrimcTVug0xnuck5ljtJTFRjgfNlIxT",
  "status": "SUCCESS",
}

{
  "amount": 1,
  "utr": "TESTUTR456",
  "payment_id": "W9nPAQY60yaF3wqjz4giNR4xn78oZkHP",
  "status": "FAILED",
}