Webhooks & logs
Inspect webhook delivery, re-send parked events, and review the audit log and gateway callback evidence.
Three operational logs help you debug deliveries and trace what happened.
Webhook delivery log
GET /admin/webhooks (requires audit:read) searches webhook events across apps,
filterable by applicationId, mode, type, and deliveryStatus. Each row shows
the delivery status, the number of attempts, the last error, and the timestamps.
When an event has exhausted its automatic retries it is parked. Re-queue it for
another attempt with POST /admin/webhooks/{id}/resend (requires app:manage). A
re-send keeps the same X-Webhook-Id, so a well-behaved consumer
dedupes it.
Audit log
GET /admin/audit-logs (requires audit:read) is the append-only trail of
sensitive actions — credential rotation/revocation, gateway overrides, user
management, refund approvals. Filter by actorType, actorId, action,
targetType, and targetId.
The audit log can be read but never edited or deleted. It is the record of who did what, when — treat a missing entry as significant.
Gateway callback evidence
GET /admin/gateway-callbacks (requires audit:read) records every inbound
gateway callback (IPN) the service received, with its outcome — useful when a
payment's state and the gateway disagree. Filter by mode, outcome, reference,
matchedPaymentId, gateway, and signatureValid.
An outcome of forged (signature invalid) or duplicate here explains why a
callback did not move a payment, without you having to dig into the gateway's own
dashboard.