PayZuPayZu Docs

Webhooks

DepositsWithdrawalsGlossaryAuthentication

The API sends a POST request to the callbackUrl provided when creating the charge or withdrawal whenever the status changes. The body is JSON with the updated transaction data.

What is a webhook (callback)

Instead of your system constantly asking "has it been paid yet?", PayZu calls you when something happens.

How to configure

Pass callbackUrl on every creation (POST /pix, POST /withdraw, etc):

{
  "amount": 99.90,
  "callbackUrl": "https://seusite.com.br/webhooks/payzu",
  "clientReference": "order-2025-001"
}

The endpoint must be publicly accessible and respond with HTTP 2xx within 5 seconds, accepting:

Content-Type: application/json

Retry system

PayZu resends the callback up to 72 times with exponential backoff and jitter when it does not receive 2xx within 5 seconds.

Fields sent

Identification

FieldTypeDescription
idstringUnique identifier of the transaction at PayZu
clientReferencestringExternal identifier you provided
typestringDEPOSIT or WITHDRAW
statusstringSee Transaction status
amountnumberAmount in reais (BRL)
serviceFeeChargednumberFee charged

Generated charge

FieldTypeDescription
qrCodeTextstringPix copy-and-paste code (EMV)
qrCodeBase64stringQR image in Base64
qrCodeUrlstringPublic URL of the QR as PNG
generatedNamestringReference name
generatedDocumentstringCPF or CNPJ
generatedEmailstringLinked email

Payer

FieldTypeDescription
payerNamestringPayer's name (if available)
payerDocumentstringPayer's document
payerInstitutionIspbstringISPB of the payer's institution
payerInstitutionNamestringName of the institution

Receiver

FieldTypeDescription
receiverNamestringReceiver's name (if provided)
receiverDocumentstringReceiver's document
receiverInstitutionIspbstringISPB of the receiver's institution
receiverInstitutionNamestringName of the institution

Withdrawal by key

FieldTypeDescription
withdrawPixKeystringPix key used in the withdrawal
withdrawPixTypestringSee Key types

Timestamps and infraction

FieldTypeDescription
createdAtstringWhen the transaction was created (ISO 8601)
updatedAtstringLast update
paidAtstring | nullWhen it was paid (null if not yet paid)
endToEndIdstringEndToEnd ID of the Pix
infractionobject | undefinedPresent only in case of MED dispute, see Glossary

Best practices

  • Respond fast: return 2xx in under 5s. Process heavy work in a queue
  • Idempotência: store id + status to deduplicate
  • Use clientReference: pass an external identifier on creation
  • Restrict by IP: accept callbacks only from the official PayZu IP

Support

Open ticketSupport portal

Relatório de Performance

Analise métricas detalhadas do seu negócio. Visualize volumes transacionados, taxas de conversão e tendências por período.

Glossário

Status de transação, tipos de chave Pix, infrações (MED), tipos e campos comuns da API Conta Digital.

On this page

What is a webhook (callback)How to configureRetry systemFields sentIdentificationGenerated chargePayerReceiverWithdrawal by keyTimestamps and infractionBest practicesSupport