Webhooks

Overview

Ovra sends HTTP POST requests to your endpoints when events occur — transactions, intent approvals, card changes, and more.

Setup

curl -X POST https://api.getovra.com/webhooks \
  -H "Authorization: Bearer sk_test_..." \
  -H "Content-Type: application/json" \
  -d '{
    "url": "https://your-server.com/webhook",
    "events": ["transaction.completed", "intent.approved", "intent.denied"]
  }'

Events

Event	When
`transaction.completed`	Agent completed a payment
`intent.created`	New intent declared
`intent.approved`	Intent was approved (auto or manual)
`intent.denied`	Intent was denied by policy
`intent.expired`	Intent TTL expired
`card.frozen`	Card was frozen
`card.unfrozen`	Card was reactivated
`card.closed`	Card was permanently closed
`agent.created`	New agent created
`agent.frozen`	Agent was frozen

Verification

Every webhook includes an HMAC signature:

X-Ovra-Signature: sha256=...
X-Ovra-Timestamp: 1711036800

Verify by computing HMAC-SHA256 of the raw body with your webhook secret.

Retry Policy

Failed deliveries are retried with exponential backoff:

1 minute, 5 minutes, 15 minutes, 1 hour, 4 hours
Max 5 attempts per delivery

Getting Started

How Payments Work

Agent Frameworks

Overview

Setup

Events

Verification

Retry Policy

Getting Started

How Payments Work

Agent Frameworks

​Overview

​Setup

​Events

​Verification

​Retry Policy

Overview

Setup

Events

Verification

Retry Policy