Optional webhook — This webhook is completely optional. Unpaid transactions expire normally without it. Configure
transaction_expiration_notif_url only if you need batch expiration notifications for unpaid transaction attempts. For expired products (payment links, VAs, QRIS codes), see Product Expiration.Information
| Method | Path | Format | Authentication |
|---|---|---|---|
| POST | https://your-webhook-url/callback | json | HMAC SHA512 Signature |
POST request to your configured transaction_expiration_notif_url when money-in transactions expire before payment is completed. This is a batch notification that can include multiple expired transaction records in a single call.
Batch notification: One webhook may contain expired Payment Link Histories, Virtual Account Transactions, and QRIS Histories together. Arrays can be empty when no transactions of that type expired. If
transaction_expiration_notif_url is not configured, no transaction expiration webhooks are sent.Request Details
Headers
| Field | Value | Type | Mandatory | Description |
|---|---|---|---|---|
Content-Type | application/json | Alphabetic | Yes | Specifies JSON format for the request body |
User-Agent | SingaPaymentGateway/1.0 | Alphabetic | Yes | Identifies the source of the webhook |
Accept | application/json | Alphabetic | Yes | Expected response format |
X-PARTNER-ID | — | Alphanumeric | Yes | Your API Key from the merchant dashboard |
X-Signature | — | Alphanumeric | Yes | HMAC SHA512 signature (128 chars) for request verification |
X-Timestamp | — | Numeric | Yes | Unix timestamp in seconds when the request was sent |
Authorization | Bearer <random_token> | Alphanumeric | Yes | System-generated random bearer token; used as a component in the signature |
The
Authorization token is a randomly generated string — not a user access token. This webhook is triggered by the system’s scheduled expiration checker, not a user API call. Extract the token as-is and use it in the string to sign. See How to Validate Signature below.Body Parameters
HTTP status code. Example:
200Indicates whether the webhook was sent successfully. Example:
trueEvent type identifier. Always
"transaction_expiration" for this webhook.Event timestamp in format
"d M Y H:i:s". Example: "26 Dec 2025 14:00:00"Merchant information.
Container for expired transactions. Each array is always present and may be empty.
Summary counts for the batch.
Payload Examples
Security and responses
Return HTTP200 promptly after validating the request. For retry behavior, see Webhook retry mechanism.
Verify every webhook using Security and signature validation. Use your configured callback path when building StringToSign.
Handle duplicate deliveries idempotently using stable identifiers from the payload (for example transaction_id or reff_no).
Transaction money-in expiration specific notes
When to use this webhook
Use when
- Track unpaid invoices and abandoned payment attempts
- Automated follow-up and remarketing for expired sessions
- Conversion and abandonment analytics
- Alert collections on high expiration volumes
Skip when
- You poll transaction status via API on demand
- You only need product-level expiration (Product Expiration)
- Manual monitoring is sufficient
Transaction vs product expiration
| Aspect | Transaction expiration (this webhook) | Product expiration |
|---|---|---|
| What expires | Unpaid transaction attempts / records | Payment products themselves |
| Payment link | Payment link history (one attempt) | Payment link (the product/page) |
| Virtual account | VA transaction (one unpaid txn) | Virtual account (the VA number) |
| QRIS | QRIS history (one attempt) | QRIS transaction (the QR product) |
| Use case | Abandoned payments, follow-up reminders | Product cleanup, inventory management |
| Reusability | Parent product can still be reused | Product is expired and cannot be reused |
- Customer opens a payment link at 10:00 — creates a payment link history (expires 10:30 if unpaid).
- At 10:30 — this webhook reports the expired history; the payment link itself remains active.
- Customer opens the same link at 11:00 — a new history is created.
- End of day — payment link product expires — Product Expiration fires; the link can no longer accept new attempts.
payment_link.inquiry.expired).
Batch notification
- Multiple transaction types in one payload
- Scheduled cron execution (not real-time)
- Empty arrays are normal when a type had no expirations
Process batch
Transaction types included
| Array | Record type | Parent ID field | Note |
|---|---|---|---|
data.payment_link_histories | Unpaid payment link attempt | payment_link_id | Parent link stays active |
data.virtual_account_transactions | Unpaid VA transaction | virtual_account_id | Parent VA stays active |
data.qris_histories | Unpaid QRIS attempt | qris_transaction_id | Parent QRIS may stay active |
Fetch parent payment link
Simplified payload
Minimal fields per transaction to keep batch payloads small. Not included: amount, currency, customer details, payment method, VA number, QR string, created/updated timestamps. Query byid, reff_no, or parent product ID via API when you need full details.
Timestamp format
| Field | Format | Example |
|---|---|---|
timestamp (root) | d M Y H:i:s | 26 Dec 2025 14:00:00 |
expired_at (per item) | Y-m-d H:i:s | 2025-12-26 14:00:00 |
X-Timestamp (Unix seconds in the header).
Idempotency
Summary statistics
Scheduling and timing
Triggered by a system cron job (frequency varies — confirm with SingaPay support). Not real-time; allow delay between expiration and notification. For immediate handling, poll via API or use individual transaction webhooks.Recommended practices
- Use both optional expiration webhooks — transaction expiration for abandonment; product expiration for inventory cleanup.
- Set sensible session timeouts — e.g. 15–30 minutes for payment links, longer for VA invoices, shorter for in-store QRIS.
- Limit remarketing frequency — avoid spamming customers who abandon repeatedly.
- Correlate with success webhooks — compare expired vs paid volumes to tune expiry settings and UX.
