I'm not receiving webhook events
Updated June 29, 2026
If your endpoint isn't receiving Passmint events, the cause is almost always how your endpoint responds, or which events you subscribed to. Work through these.
Your endpoint must return 2xx within 10 seconds
Passmint treats a delivery as successful only when your endpoint returns a 2xx status within 10 seconds. If it returns an error, redirects, or takes longer than 10 seconds, the delivery is counted as failed and retried.
A common trap is doing slow work (saving to a database, calling another API) before responding. Instead, acknowledge fast: return 2xx immediately, then process the event in the background. A slow handler looks like a failure even when nothing is wrong.
Check the retry schedule
A failed delivery is retried up to seven times, with growing gaps between attempts:
- immediately,
- after 30 seconds,
- after 5 minutes,
- after 30 minutes,
- after 2 hours,
- after 12 hours,
- after 24 hours.
If all seven attempts fail, the delivery is marked dead and isn't retried automatically.
Confirm what you subscribed to
In Developers → Webhooks, check that your endpoint is subscribed to the events you
expect. To receive everything, subscribe to all events with the * wildcard. If
you're only subscribed to pass.added_to_wallet, you won't see updates or removals.
Look at recent deliveries
The webhooks page shows your recent deliveries with their status (delivered, pending, in progress, or dead). This tells you whether Passmint is sending and what your endpoint returned:
- Delivered — working.
- Dead or repeatedly failing — your endpoint rejected it or timed out. Check your logs for what it returned.
Replay failed deliveries
Once you've fixed your endpoint, replay a failed or dead delivery from the dashboard. Replaying resets it and sends it again, so you don't lose the events that failed while your endpoint was down.
Verify the signature on incoming requests so you know they're really from Passmint.
Each request is signed with HMAC-SHA256 in a header of the form
t=<timestamp>,v1=<signature>. The
webhooks reference shows how to check
it.