Sensitive webhook data now removed

Released on August 14, 2022


With the recent release of multi-destination webhooks, all destinations were receiving all events that your account was subscribed to. This included all data within those events.

Some fields within certain events were not designed to be shared, and an unintended side effect of allowing many webhook destinations was that this data was finding its way to third-party providers. We have now restricted this.

The first endpoint in your list of webhook destinations is now labelled as your primary URL and should be your own application server. This destination will receive all event data, unfiltered. The rest of your destinations will always have sensitive data removed from the payloads.

We consider the following to be sensitive fields:

  • cancel_url
  • update_url
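
The rule above, sketched as an added example (not the vendor's own code) for teams that fan webhooks out to further services themselves. The function names, destination URLs and sample event are constructed, and stripping the two fields at any nesting depth is an assumption that goes beyond what the note states.

```python
import copy

# The two fields this release note lists as sensitive.
SENSITIVE_FIELDS = frozenset({"cancel_url", "update_url"})

# Constructed sample data; the URLs and the non-sensitive keys are hypothetical.
DESTINATIONS = [
    "https://app.example.com/webhooks",          # first entry = primary URL
    "https://analytics.example.net/ingest",      # third-party destination
]
SAMPLE_EVENT = {
    "event_type": "subscription_created",
    "status": "active",
    "cancel_url": "https://vendor.example/cancel/constructed-token",
    "update_url": "https://vendor.example/update/constructed-token",
    "items": [{"name": "plan-a", "update_url": "https://vendor.example/u/1"}],
}


def redact(value):
    """Return a copy of value with sensitive keys dropped at any depth."""
    if isinstance(value, dict):
        return {k: redact(v) for k, v in value.items()
                if k not in SENSITIVE_FIELDS}
    if isinstance(value, list):
        return [redact(v) for v in value]
    return value


def payloads_for(destinations, event):
    """Map each destination URL to the payload it should receive.

    destinations[0] is the primary URL and gets the event unfiltered;
    every other destination gets a redacted copy.
    """
    if not destinations:
        return {}
    out = {destinations[0]: copy.deepcopy(event)}
    for url in destinations[1:]:
        # setdefault: a repeat of the primary URL must not be downgraded,
        # and a repeated secondary URL is only computed once.
        out.setdefault(url, redact(event))
    return out
```
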