EBANX sends a notification each time a payment status changes, which consists of an HTTP POST to an URL specified on your Dashboard.

The following parameters are sent:


It’s also possible that is sent an an array of hashes separated by commas:





The value is always payment_status_change.



Event that triggered the notification:

  • update: the payment status has changed from PE to CO or CA.
  • chargeback: a chargeback was issued for this payment.
  • refund: a refund was issued for this payment.
  • chargeback_credit: a chargeback credit was issued for this payment.



A single hash or an array of hashes separated by commas.

We expect a HTTP 200 code as a response.

After receiving the notification, you should call the API method query to fetch the current payment status, and then use it to process the payment on your system.

Notification signature

EBANX signs every notification request using a private certificate and send the signature in the HTTP headers. The merchant can verify if the request really came from EBANX by validating the digital signature using our public certificate.

The available certificates and their fingerprints are shown on the table below:

Fingerprint Certificate
4ABAD89CF66B99998465470550EB15E3E271A246 Download

EBANX will send the following headers in the notification request:

X­-Signature­Type: rsa,sha1
X­-Signature­Fingerprint: 4ABAD89CF66B99998465470550EB15E3E271A246
X-­Signature­Content: xh5hstzZt5Rf5ihNzbfFfkmN89askd...DrHJAnzHgaf2vzA==


The signing algorithm. EBANX will always use RSA/SHA1.


The signature fingerprint. It indicates which certificate was used to sign the notification.


The signed payload, encoded as a Base64 string.

The signature can be validated in PHP as follows:

$cert      = file_get_contents('ebanx-notifications-public.pem');
$data      = file_get_contents("php://input");
$signature = base64_decode($_SERVER['HTTP_X_SIGNATURE_CONTENT']);

// http://php.net/manual/en/function.openssl-verify.php
$result = openssl_verify($data, $signature, $cert);

if ($result === 1)
  echo "OK, signature is correct.";
  echo "ERROR, the signature is incorrect.";