> ## Documentation Index
> Fetch the complete documentation index at: https://docs.ziina.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Webhooks

> This page will get you started with setting webhooks for your app

<Note>
  In order to call these endpoints your token must have `write_webhooks`
  [scope](/developers/oauth-2.0#available-scopes).
</Note>

To set a webhook URL, make a `POST` request to `/webhook` with a body payload:

* `url`: the URL you would like to set for your webhook.
* `secret`: optional. If provided, the secret will be used to generate an HMAC signature that will be passed as a header

Any subsequent calls to this URL will overwrite the webhook URL for your account.

Ziina will deliver events by making a `POST` request to your webhook URL. In the event of a non-ok status code, Ziina will retry 3 times to delivery the event. The webhook request will contain a body with the following fields:

* `event`: the name of the event being delivered
* `data`: the event data

Currently the event and data options are:

* `payment_intent.status.updated`: A [payment intent’s](../api-reference/payment-intent/index) status has been updated
* `refund.status.updated`: A [refund’s](../api-reference/refund/get) status has been updated

If a secret was provided when configuring the webhook, the HTTP request will contain a header `X-Hmac-Signature` that can be used to confirm the authenticity of the request. The value of this field will be the hexadecimal encoded SHA-256 HMAC signature of the request body.

Webhooks will come from one of the following IP addresses. Do not accept the webhook if it comes from a different IP address:

* 3.29.184.186
* 3.29.190.95
* 20.233.47.127
* 13.202.161.181
