Get Started

Review Supported Platforms

Before getting started, verify that your platform type is supported* by WePay:

Small-Medium Business (SMB)
E-commerce
Point of Sale

*Note

WePay does not support platforms whose primary user base consists of merchants participating in any of the prohibited activities per WePay's US merchant Terms of Service and CA merchant Terms of Service.

Click to view all prohibited activities

Note: Merchants in the United States from this list and merchants in Canada from this list cannot process with WePay, and thus must not be onboarded.

Category	Activities
Adult	Adult sites, content, sexual services, child pornography, bestiality, escort services, mail order brides
	Dating services
	Massage parlors
Aggregation	Payment facilitator to other merchants
Auctions	Internet auction, bidding fee auction, penny auction
Cash, stored value, virtual currency	Cash or cash equivalent, purchase of gold, silver, platinum, palladium, bullion and/or bars (collectibles are not prohibited)
	Cash disbursement
	Digital Wallet, stored value, prepaid companies, prepaid phone cards or phone services, sale of mobile minutes, or quasi cash
	Virtual currency or credits that can be monetized, re-sold or converted to physical or digital goods or services or otherwise exit the virtual world
Debt	Bail bond services or bankruptcy lawyers
	Credit counseling or repair services; debt elimination, consolidation or reduction services; factoring or liquidators
	Damages, losses, penalties, or fines of any kind; alimony, child support, or other court-ordered payments
	Debt collection; payment for a dishonored check or for an item deemed uncollectible by another merchant
	High interest rate non-bank consumer lending, including payday lending and title loans
	Loan payments transacted on a credit card
Drug	Drugs or drug paraphernalia
	Marijuana dispensaries and related products or services
	Peptides
	Personal enhancement products or nutraceuticals - vitamins, supplements, herbals, weight loss programs
	Pharmaceuticals, internet pharmacies
	Pseudo pharmaceuticals
Education	For profit higher education
Electric car charging	Electric car charging
Financial services	Banks, credit unions, savings and loan associates, unit trusts, mutual funds, foreign exchange, Bureau de Change
	Buy here, pay here (in-house financing)
	Cash advances
	Currency exchanges or dealers
	Money transfer, wire transfers, money orders, money transmitters, and check cashing, including merchants required to be registered as money services businesses
	Payable through accounts (foreign or domestic)
	P2P payments
Gambling, lottery	Gambling or betting, including lottery tickets, casino gaming chips, off-track betting, sports forecasting or odds making, fantasy sports, memberships on gambling-related internet sites (including unlawful Internet gambling as defined in 12 C.F.R. Section 232.2(bb)) and wagers at races, contests, sweepstakes, raffles, and offering prizes as an inducement to purchase goods or services
Government	Postal Services
High Risk	Astrology and related prediction or forecasting services
	Brand damaging
	Career placement or advice center merchants
	Cyberlockers, file sharing, file storage
	Delayed delivery merchants where the good or service is not shipped, delivered, or fulfilled when the card transaction is processed but is to occur at a future date
	International card sales greater than 20% of total sales
	Lifetime guarantee
	Merchants who are known to test or conduct research on animals
	Merchants who are known to have labor/working condition issues
	Merchants who are involved in developments that involve land acquisition and involuntary resettlement
	Merchants who are known to have experienced material community issues (e.g., demonstrations, blockades, security threats)
	Merchants whose proceeds may have the potential to impact indigenous peoples
	Merchants who have been subject to allegation and impacts related to human rights violations
	Money back guarantees exceeding 30 days
	Motor vehicle sales
	Online help for classes, homework or assignments
	Online personal computer technical support
	Pawn shop
	Private prison operators
	Psychic services
	Sale of airline, hotel, rental, or other miles or points
	Sale of products or services identified by government agencies to have a high likelihood of being fraudulent
	Sale of social media activity
	Sale or exchange of animals and regulated items such as animal pelts
	Shipping or forwarding brokers
Illegal	Counterfeit or possibly counterfeit goods, or products that infringe on the intellectual property rights of others
	Deceptive, unfair, or predatory practices
	Forced child labor/human trafficking, slavery
	Hate, violence, racial intolerance, terrorism, the financial exploitation of a crime, or items or activities that encourage, promote, facilitate, or instruct others regarding the same
	Unlawful activities, illegal substances or products, or items that encourage, promote, facilitate, or instruct others regarding the same
Investment, real estate	Commodity trading or security trading; equities (including stocks, bonds, or any other ownership position in a corporation)
	Crowdsourced fundraising for stock or equity
	Distressed property sales and marketing; real estate flipping
	Goods or services to be delivered more than four (4) months in the future, with an intention of gaining return on investment
	Mortgage accelerator processors
	Timeshares, timeshare resales, and related marketing
Marketing	Buyers clubs, membership clubs
	Direct marketing - inbound telemarketing
	Direct marketing - negative option, renewal, or continuity subscription practices
	Direct marketing - travel-related arrangement services
	Discount coupon merchants or online sites
	Discount medical or dental plans, including discount insurance
	Door to door sales
	Infomercial merchants
	Lead generation businesses
	Lifetime payments for timeshares, guarantees, and the like
	Marketing activities involving "pay only for shipping" and/or "free trial" periods
	Outbound telemarketers and telecom merchants
	Rebate or upsell merchants
Militia	Cross border military related goods
Militia	Militia, armed groups or armed gangs
Political parties	Consulates, embassies, missions to the United Nations
Political parties	Political organizations
Regulated	Age restricted products or services, such as alcohol
	Firearms, including ammunition
	Hookah
	Other weapons that are not related to firearms
	Tobacco, cigarettes, e-cigarettes
Telecomm	Telecommunications, including wireless, cable, satellite, wireline, and ISP
Travel	Airlines, including charter air carriers
	Steamships and Cruise lines
	Travel agencies or tour operators
	Travel industry, including car rental and lodging

WePay's API products are packed full of features and conveniences to help you handle different scenarios, like reducing PCI scope, preventing double charges in case of error, and adding in your own custom data to help maintain things like state.

By the end of this doc, you'll have the right information to build an API call.

Sign Up

Start by heading over to partner.wepay.com if you haven't already.

We recommend using an aliased email address to sign up (so, something like payments@your-company.com) as this allows for multiple people to access your company's account, instead of tying it to a single person's login. Another benefit is that the person responsible for filling in Know Your Customer (KYC) details can do so at a later time while you onboard to the API and begin making calls.

If you're simply testing the API, it's fine to use your own email address, and create a separate account using an alias at a later time.

Contact our Sales team to confirm the ability of your platform to obtain Production access.

Confirm Email Address

Make sure to confirm your email address once you've finished signing up for an account. If you haven't, be sure to visit here, and click the banner to resend the confirmation email.

A banner reminding you to confirm your email

Generate App Tokens

Before you can make an API call, you'll need to grab your App ID, API version, and App Token. You'll need to generate an App Token through the Partner Center. Simply click “Create Token”, enter a unique name, and hit save.

Note that the Legal Entity and Account IDs displayed with your API credentials are specific to your platform; each merchant will require their own Legal Entity and Account.

You can generate up to 3 tokens. As an example for using multiple tokens, you can think of each as a way to logically separate different components of your system which may interface with different parts of the Clear API. For example, you could have one service that exclusively deals with payment processing, which would have its own token that is revocable at any time. It's not mandatory to generate more than 1 token.

Recommendation

As a security precaution, rotate your App Tokens every 3 months by visiting the Partner Center. Delete your current tokens, create new tokens, and replace your old tokens with your new ones.

Stage vs. Production

Base URL	Environment
`https://stage-api.wepay.com`	Stage
`https://api.wepay.com`	Production

When you finish signing up for an account, you'll begin in the stage environment. Your API credentials will let you make API requests to the https://stage-api.wepay.com base URL, appended with an endpoint. The stage environment is intended for use in the development and prototyping of your application.

In order to process payments in Production, you must first be assigned an integration manager.

If you are not managed and would like to move to Production, contact our Sales team to move further. We suggest completing this step first to align on integration requirements.

When you are managed and ready to launch, you can begin the process of certification to migrate to the Production environment in the dashboard.

As using production credentials executes actual money movement, we do not allow any account to migrate to the production environment until they have passed certification. We define certification throughout the basic integration process. In addition, WePay requires you to submit personal and business details before you can access the production environment.

Submit Personal and Business Details

To submit personal and business details, first navigate to the Live tab and click the blue button to update your personal information:

Submit your personal and business KYC in the Live tab

Next, identify the country your business is located in:

App entity location

Then, identify the entity type of your application:

App Entity Type

If your application is a business, specify whether your business is a corporation, LLC, or partnership. If your application is a nonprofit, specify whether your nonprofit is a nonprofit corporation or an unincorporated association.

Identify your application's industry category and type to help WePay identify an appropriate merchant category code for your account.

Next, fill in your application's business details:

App business details

Next, supply personal details for a controller of your application's business:

App controller details

A controller is a single individual with significant responsibility to control, manage, or direct a legal entity customer, including an executive officer or senior manager (e.g., a Chief Executive Officer, Chief Financial Officer, Chief Operating Officer, Managing Member, General Partner, President, Vice President, or Treasurer); or any other individual who regularly performs similar functions (i.e., the control prong). This list of positions is illustrative, not exclusive, as there is significant diversity in how legal entities are structured.

Last, supply the personal details for everyone who owns 25% or more of your application's business:

Add app owner details

Add more app business owner details

WePay will verify your information once submitted, typically within 2 business days.

Add Bank Account

Once you've confirmed your account, generated an app token, and submitted all business and personal details, you can add a bank account to receive payouts. As a reminder, you need to fill out KYC information to receive payouts.

Usually, a Controller, VP level, or C-level person is responsible for filling this information by navigating to the Payouts section of the WePay application dashboard and clicking "Add":

Add app's bank account for payouts

If your business is based in Canada, please reach out to your account manager or integration team in order to access the Canadian bank form.

Have your bank account direct deposit routing and account numbers handy:

Add more app bank details

Tell us how often you would like to receive payouts by using the "period" drop down.

While this step isn't necessary to do before making API calls, it's a one-time set up, and lets you receive payouts daily (midnight settlement), weekly (every Monday), or monthly (first of the month). If these days are a bank holiday, it'll be the next day.

Visit our Partner Center guide to learn about business management features and functionalities the Partner Center has to offer.

Subscribe To API Notifications

Notifications are webhooks sent by the API to deliver information about your merchants, payment processing, and payment operations.

The lifecycle follows this general pattern:

Receive a notification from WePay about a payment, merchant, payout, or other operation.
Inspect content of the Notification Signature to ensure that the notification is intact and sent from WePay.
Inspect payload.create_time to determine chronology, not the event_time of the notification itself

If a Notification fails to reach your servers, we will attempt to retry following this pattern:

1st retry will happen 15 minutes after the initial attempt.
2nd retry will happen 30 minutes after the 1st retry.
3rd retry will happen 1 hour after the 2nd retry.
4th retry will happen 6 hours after the 3rd retry.
5th retry will happen 12 hours after the 4th retry.
6th retry will happen 24 hours after the 5th retry.

WePay defines "failing to reach your servers" as receiving any HTTP code other than 200 or 201. This also includes network retries. Due to potential retries, it is important to use the event_time value rather than receipt time to identify the order in which events occur.

When you transition to production on your dashboard, the WePay team will validate your Notifications implementation. Notifications are not stored permanently. If you haven't subscribed to notifications, you won't be able to retrieve older notifications once subscribed. However, once subscribed, Notifications are stored for 30 days.

Subscribe to API Notifications with a POST /notification_preferences request.

Recommended API Notification Subscriptions:

accounts.created
accounts.capabilities.updated
payouts.failed
disputes.created
disputes.resolved
legal_entities.verifications.updated
payments.completed
payments.canceled
payments.failed

Warning

The custom_data parameter may not appear in the notification payload for any given notification topic. To lookup the custom_data parameter for a specific notification, send an API request with the resource ID to the endpoint you would like to access.

Supply Risk Information

As a platform, it's extremely important to make sure you're providing WePay with Risk information about your merchants, payers, and transactions.

WePay has a team of Risk Analysts, plus machine learning models to capture data and ensure fraud is handled correctly. By feeding more data to the system, your platform and merchants have a better chance of minimizing losses and continuing a smooth user experience. Conceptually, we think of Risk as structured meta data you can add to almost every resource on Link except Transaction Records and Recoveries. You either can pass risk bits (rBits) by including them inline with a resource (like Payments), or through a 2-step process by calling the rBits endpoint directly with the associated resource ID (like Accounts).

If required by the WePay team, you may need to send Items and Orders in addition to rBits, to augment your risk data. By providing this data, you'll provide the WePay Risk team with richer data to continue leveraging our sophisticated risk algorithms, and ultimately better protect you and your merchants.

Refer to the Risk Certification to identify standard required rBits, and be sure to work with your WePay integration team to be sure there are no custom modifications which WePay may require.

Add Rbits

We'll first walk through the inline flow. Let's say you're processing payments. All these calls accept an array of rBits, that you define inline.

For example, let's say you want to attach the Transaction Details object to your Payments. You've noticed a significant increase in payments, of which a bunch were spam. As such, you now add in Transaction Details as an rBit to get ahead of the problem.

Copy

Copied

{
  "rbits": [{
    "receive_time": 1367958263,
    "type": "transaction_details",
    "source": "user",
    "transaction_details": {
      "itemized_receipt": [
    	{
    	"amount": 105,
    	"currency": "USD",
    	"description": "Premium lawn service package",
    	"item_price": "100",
    	"project_name": "Lawn service at 123 Fake St.",
    	"quantity": 1,
    	"service_billing_method": "hourly_billing_at_project_rate"
    	}],
      "note": "returning customer, new payment method"
    }
  }]
}

You'll notice that at creation time of a new Payment, an rBit array was included. If you choose to do so, you can pack more rBits into the array.

It's also not necessary to do the inline flow, as you can first create a Payment, and update it with rBits after creation.

Next, we'll walk through the 2-step flow. Let's say you're onboarding merchants and you define rBits after onboarding.

For example, you want to attach the External Account object to merchant Accounts. Once you receive an Account ID from WePay, create an rBit by sending a POST /rbits request like this:

Copy

Copied

{
  "address": {
    "account_type": "facebook",
    "connections": "2000",
    "create_time": 1235635140,
    "feedback_score_percent_positive": 0.87,
    "feedback_scores_provided": "476",
    "is_partner_account": false,
    "uri": "facebook.com.merchantblob"
  },
  "associated_resource": {
    "id": "{merchant-account-id}", // insert the merchant's account ID here
    "resource": "accounts"
  },
  "receive_time": 1367958263,
  "source": "guidestar",
  "type": "address"
}'

View the Full API reference to see where you can add rBits. In general, the more you add to your Accounts and Payments, the better overall experience and minimization of loss for your end merchants and payers.

Resource IDs

Resource IDs returned by WePay's APIs are case-sensitive. For instance, if the following is returned by WePay as an Account ID:

d3f61e56-5d99-4895-af2d-a07ab48476e9

And you can later lookup that same account by making a GET request, even with just one letter in the wrong case:

Copy

Copied

curl -X GET \
  --url 'https://stage-api.wepay.com/accounts/D3f61e56-5d99-4895-af2d-a07ab48476e9' \
  -H 'Accept: application/json'\
  -H 'App-Id: XX'\
  -H 'App-Token: {}'\
  -H 'Api-Version: 3.0'

The account you are attempting to lookup will not be returned.

API Headers

A set of headers are required for all API calls, and certain endpoints conditionally require more. As a reminder, access API credentials here.

All API calls require the below headers:

Header Key	Header Value (example)
App-ID	`123456`
API-Version	`3.0`
App-Token	`stage_MzBfNzM2ZmEwYTItZmQ1My00MYg1LEEwYmMtYzE2MmMzNDIyZDIz`
Content-Type	`application/json`

POST calls to the /payments and /refunds endpoints require "Unique-Key". The value for Unique-Key is defined by you, and we outline strategies in the below Idempotency section.Finally, send Client-IP and WePay-Risk-Token if you are not using the WePay Helper JS Library for the following endpoints:

POST /legal_entities
POST /legal_entities/{id}
POST /accounts -- When the payout structure is being sent
POST /accounts/{id} -- When the payout structure is being sent
POST /payment_methods

API Header Responses

Response headers from WePay will contain an X-Correlation-Id. At a minimum, it should be stored for each /payments and /refunds request, though storing the correlation ID for requests to every endpoint is recommended. These IDs will help with debugging should the need arise.

API Versions

When interfacing with the WePay API, you can select which API version to pass. API versions are compatible with other versions, so you could make a call to certain endpoints using v3.1, and to others as v3.0.

If you do not need to use different versions, it's completely fine to use a single version. The latest version is 3.0.

API Rate Limits

By default, the API rate limit is 30 requests per endpoint and per account every 10 seconds on a sliding window.

The endpoint API rate limit ensures that if a single service (like creating payments with POST /payments) sees a spike, then other services will not be impacted (such as finding accounts with GET /accounts).The account API rate limit ensures that if a single merchant's Account ID sees a spike in POST /payments requests, other merchants' ability to create payments will not be impacted. Note that this rate limit is specific to the /payments endpoint.The rate limit is calculated using the sliding window algorithm, meaning that API requests are measured on a rolling basis. If the limit is exceeded, an API error will return and the details will indicate which throttle (endpoint or account) was activated.Example
If your app attempts to send a total of 31 requests to a single endpoint in a sampling period of 10 seconds, then the last request in chronological order will receive the THROTTLE_EXCEEDED API error. If 31 requests were sent in the first second, you will be able to successfully send new requests at 11 seconds. On the other hand, if 15 requests were sent on second 9, and 16 requests were attempted on second 10 (1 would be throttled on second 10), you will then be able to send 15 un-throttled requests on second 19 (once second 9 is no longer included in the sliding window), and another 15 on second 20.

As another example, say your app hit the same endpoint with 3 requests per second for seconds 1-9, and then sent 4 requests on second 10. The last request to come in would receive an error, and you would be able to send another successful request on second 11.

If you have a business use case that requires a higher rate limit, please speak to your account manager or API Support, at api@wepay.com.

Default Permissions

When you register for API credentials with WePay, your credentials will have access to certain components by default. In order to get access to permissioned features, work with your WePay integration team.

Sending calls to endpoints or with parameters which are not included in the default permissions will result in the following error

Copy

Copied

{
	"error_code": "NOT_AUTHORIZED",
	"error_message": "FEATURE_NOT_ENABLED_FOR_APPLICATION"
}

During your planning, take note of each permissioned feature you'd like access to and submit a request to your account manager, technical account manager, or WePay's developer support (api@wepay.com). Your request should include:

Your platform's stage app-id
A high-level description of your business
Your business use case for the specific feature(s) being requested

When you register for API credentials with WePay, your app will automatically be configured with Default Permissions. If you want to use any features with Gated Permissions, be sure to work with your WePay integration team to get access. Keep in mind that Gated Permission features may have prerequisites or other requirements that you must meet.

Gated Link Permissions
Legal Entities
`POST /legal_entities` `POST /legal_entities/{id}` `POST /legal_entities/{id}/set_controller_password` `POST /legal_entities/{id}/verifications`
Accounts
`POST /accounts` `POST /accounts/{id}/capabilities`
Payouts & Payout Methods
`POST /payout_methods` `POST /payout_methods/{id}`
Payment Methods
`POST /payment_methods` with any of the following paramters: `credit_card` -- `cvv` in this structure is required unless specific permission is granted from WePay to omit `credit_card.auto_update` `credit_card.virtual_terminal_mode` `payment_bank_us`
Payments
`POST /payments` with any of the following parameters: `payment_method.credit_card` -- `cvv` in this structure is required unless specific permission is granted from WePay to omit `payment_method.credit_card.auto_update` `payment_method.credit_card.virtual_terminal_mode` `payment_method.payment_bank_us`
Disputes
`POST /disputes/{id}` `POST /disputes/{id}/concede`
Terminals and Session Tokens
`GET /terminals` `GET/terminals` , `POST /terminals/{id}` `POST /terminals` `DELETE /terminals/{id}` `POST /terminals/{id}/activate` `POST /terminals/{id}/deactivate` `POST /session_tokens`

Idempotency

Making GET calls will not modify resources, and sending a POST to an endpoint will update the fields provided in the POST body only. If you'd like to delete a field in an object, send a POST with the field set to NULL. For complex objects, like beneficial owners-- where you may not have all data at once--pass an empty object, like . This lets you progressively update the Legal Entity object.

In error scenarios, retrying a payment and refund can lead to overcharging a payee or drawing too much from a merchant. In order to safeguard against these scenarios, you will use the "Unique-Key" key and unique value (generated by you) in the request header. You can use any value for the Unique Key, as long as it's unique.

As an example, let's say your platform handles rent between landlords and tenants. A good unique key could be the tenant's payment date, so that double payments do not occur.

For all POST calls made to /payments and /refunds, you are required to send "Unique-Key" in the header. The Unique-Key requirement makes these POST requests idempotent and safe, nullifying duplicate successful requests. For all other POST calls, the Unique-Key is optional. In general, a Unique-Key is valid for 24 hours.

For more information on error handling and retry strategies, see the Design A Retry Strategy cookbook.

Using Magic Headers

Magic header values trigger a given behavior by including a magic value for the WePay-Magic-Behavior key in the call header. These calls will return static responses, regardless of the API request body that you send, and are intended to provide the full structure of a response under certain circumstances for you to model additional testing and development against. Making idempotent POST/ payments requests to test your application is made easy with the use of Idempotency_Downtime_xxx and Idempotency_Retry_xxx as Magic Headers. Idempotency_Retry_xxx will delay the next xxx requests by returning simulated 500 errors. Requests sent with this unique key, Idempotency_Downtime_xxx, will return simulated 500 errors over the next xxx seconds. Notes, that you are responsible for defining xxx with the amount of requests or seconds you'd like the Magic Header to effect.

Errors

WePay's API follows standard API conventions with errors. You can view the API reference documentation for an exhaustive list of error codes. Throughout the integration guide, we will also highlight special errors and remediation strategies.

Avoid Hanging API Requests

Our API services will timeout after 30 seconds if no response is returned within that timeframe. It is recommended that you adjust your timeout settings to reflect this, in the case that your API request takes a little longer to process.

Handle 500s

In general, 500 HTTP errors indicate that an unknown error occurred and are safe to implement your retry logic for. See Design A Retry Strategy to create the best retry logic for your particular integration with WePay.

Note that 503 errors indicate that a known issue caused the error, but that the request can be retried at a later time.

In the case of a 500 returned on /payments or /refunds, you will need to implement proper retry logic, depending on a Card Present (CP) or Card Not Present (CNP) transaction flow.

Card Not Present transactions

In general, you should implement a back-off strategy upon receiving the first 5xx error code (like an exponential back-off). If a 5xx HTTP error returns for a request with a unique key the first time, resend the request with the same unique key, and carry on until you reach the threshold for your exponential back-off window (or the payment succeeds with a non 5xx error code).

If you use a different unique-key during your back-off, you run the risk of double-authenticating a payment. If you receive the API Error Code CONCURRENT_UNIQUE_KEY_REQUEST_IS_PROCESSING, you can keep retrying safely.

If you reach the end of your retry window for back-off, grab the correlation-ID in the response header, and escalate the payment issue to WePay.

Card Present transactions

Like CNP transactions, in general, you should implement some type of back-off strategy when handling 5xxs. With CP transactions, however, a successful authentication at the terminal is sufficient to let a payer walk away from the terminal. Put another way, if you receive an encoded_payment_method, an authentication has happened and you can attempt to execute a payment with the same error handling as the above Card Not Present section.

Handle 400s

If a 4xx HTTP error returns for a request with a unique key, that Payment cannot be processed. This means that new information must be submitted by the user, and a new unique key should be used on the new request. Refer to error code documentation here for further information on error responses.

Note

If you receive the API Error Code THROTTLE_EXCEEDED.APPLICATION_REQUEST_THROTTLE_EXCEEDED, RESOURCE_CONFLICT, or CONCURRENT_UNIQUE_KEY_REQUEST_IS_PROCESSING, you can handle either of them as a 5xx HTTP error.

Custom Data

Custom data refers to a key-value object that can be passed in most API calls. The point of custom data is to add any additional metadata you need to store for resources, that you can't store using predefined fields. There is a limit of 10kb for custom data objects.

As an example, let's say you wanted to create a Payment resource, and wanted to store the payer's user name on your platform in the WePay Payment API object. You could add a key value pair to custom data, like so:

Copy

Copied

"custom_data": {
    "merchant_username": "merchant1"
}

And any time you retrieve or update this payment, the custom data will be stored and returned. Custom data is a JSON object, and allows for nesting. The API will not overwrite custom data, and will append new keys/values. If you'd like to remove keys and values, assign existing keys to null, or, to remove the keys, set custom_data to null, and re-add data. Do not send personally identifiable information (PII) through custom data.

Custom Data is available on all API resources, except:

rBits
Orders
Items

Warning

custom_data may not appear in the notification payload for any given notification event topic. To lookup the custom_data parameter for a specific notification, send an API request with the resource ID to the endpoint you would like to access.

Handle Communications

WePay will handle payment-related communications to your end users. There are a few exceptions:

Micro deposit emails for manually verified bank account payment methods

Despite that, it is beneficial to subscribe to Notifications just to be aware of what communication is being sent to Merchants and payers on your platforms. When deciding which notifications to subscribe to, it is important to note that implementing Notification Signatures ensures a higher level of security by validating that all notifications are coming from WePay.

Below are recommended Notification event topics to subscribe to related to end user email communications:

Scenario	Notification Event Topic(s)
Complete onboarding	`accounts.created` `accounts.capabilities.updated`
Disabled Account Capabilities	`accounts.capabilities.updated`
Invalidated Payout Method	`payouts.failed` `accounts.capabilities.updated`
New Dispute	`disputes.created`
Resolved Dispute	`disputes.resolved`
Legal Entity details require an update	`legal_entities.verifications.updated`
Supporting documentation is required for Legal Entity Verifications	`legal_entities.verifications.updated`
Payment receipt	`payments.completed`
Canceled Payment	`payments.canceled`
Failed Payment	`payments.failed`
Failed Payout	`payouts.failed`

Questions? Need help? Visit our support page!