Webhooks User Guide

This document is a comprehensive guide to CCBill Webhooks and is intended for users with advanced coding skills.

It includes detailed instructions for configuring your system to receive Webhook data. You will learn how to send customer information to the CCBill payment form, the data variables involved, and how those variables are used to track and manage transaction events on your account.

Enable and Configure Webhooks

To configure Webhooks:

1. Log in to the Admin Portal.

2. Use the dropdown menu to select a specific subaccount.

3. Click Webhooks in the left-side menu.

4. In the Webhook URL field, enter the URL where you want to receive posts.

Activating Webhooks in the Admin.

5. Select one of the available Webhooks data formats:

  • JSON. Follows the JSON (JavaScript Object Notation) open-standard format and uses the content type application/json.
  • URL Encoded. Uses the content type application/x-www-form-encoded (original format).

6. Select the post types you wish to subscribe to. Click All to select all types or individually select checkboxes for specific post types.

7. To minimize latency, select the Satellite Location closest geographically to the server hosting the URL you entered in step four. Available locations include:

  • Phoenix, Arizona
  • Ashburn, Virginia
  • Amsterdam, Netherlands

8. Click Update to save the configuration.

After at least one Webhooks configuration has been saved, you will be presented with the option to edit, remove, add, or select notification versions. You may add up to four (4) Webhooks URLs.

Webhooks Versioning

Since October 2013, Webhooks have supported versioning to ensure backward compatibility. Changes to the Webhooks system will not disrupt existing configurations.

A ChangeLog at the end of this document summarizes changes for each version.

Whenever you create a new Webhooks configuration, it automatically uses the latest Webhooks version. Existing Webhooks configurations created under older versions can optionally be upgraded. Note the following rules for updating existing configurations:

  • Adding a new event to an existing configuration will cause only the newly added event to use the latest Webhooks version. Previously configured events will continue to use their original versions.
  • Updating the URL of an existing Webhook configuration does not upgrade it to a new Webhook version.

Webhooks IP Ranges

You will receive Webhooks from the following CCBill IP ranges:

  • 64.38.212.1 - 64.38.212.254
  • 64.38.215.1 - 64.38.215.254
  • 64.38.240.1 - 64.38.240.254
  • 64.38.241.1 - 64.38.241.254

You can use this information to set up firewall rules or confirm the validity of a Webhook from within your application.

URL Parameters

Webhooks send 4 URL parameters with posts to let you know what type of Webhook is contained in the post. The following parameters are sent:

clientAccnumThe Merchant's account number.
clientSubaccThe Merchant subaccount number.
eventTypeThe Webhook event being sent, such as NewSaleSuccess or Expiration.
eventGroupTypeThe event group to which the event type belongs. At this time, only Subscription is a valid option.

The URL Parameters comprise the first line in the following Webhooks Post example:

URL Encoded Format

POST /webhooks.php?clientAccnum=999999&clientSubacc=9999&eventType=Expiration&eventGroupType=Subscription HTTP/1.1
X-Allowed-Satellites: PHX,ASH,AMS
Content-Type: application/x-www-form-urlencoded
Content-Length: 102
Host: merchanturl.com
User-Agent: Java/1.6.0_03
Via: 1.1 wmq1.ccbill.com:3129 (squid/2.7.STABLE5), 1.0 internal
Cache-Control: max-age=0
Connection: keep-alive

clientAccnum=999999&clientSubacc=9999&subscriptionId=0913024401000012340&timestamp=2013-01-25 03:22:44

JSON Format

POST /webhooks.php?clientAccnum=999999&clientSubacc=9999&eventType=Expiration&eventGroupType=Subscription HTTP/1.1
X-Allowed-Satellites: PHX,ASH,AMS
Content-Type: application/json
Content-Length: 102
Host: merchanturl.com
User-Agent: Java/1.6.0_03
Via: 1.1 wmq1.ccbill.com:3129 (squid/2.7.STABLE5), 1.0 internal
Cache-Control: max-age=0
Connection: keep-alive
{"clientAccnum":"999999","clientSubacc":"9999","subscriptionId":"0913024401000012340","timestamp":"2013-01-25 03:22:44"}

Variable Reference

CCBill has a set of specified system variables that can be used to pull data from CCBill’s system. Two variable sets are used, one for each of the following situations:

  • Payment Form. These variables are used to pre-fill the payment form. Naming the variables correctly, as listed below, will ensure the data is properly stored in CCBill’s system as the variables are intended.
  • Return. These variables are sent to the Webhook URL, depending on the transaction's outcome.

In both cases, custom variables will be sent exactly as they were entered. System variable names must be entered exactly as they appear in this list.

Payment Form Variables

The following chart lists each variable that can be pre-filled in the payment form:

Variable NameDescription
customer_fnameConsumer first name.
customer_lnameConsumer last name.
address1Consumer address.
emailConsumer email address.
cityConsumer city.
stateConsumer state.
zipcodeConsumer Zip Code.
countryConsumer country.
phone_numberConsumer phone number.
usernameConsumer username.
passwordConsumer password.

The following variables can also be passed into the payment form but are not shown on the form:

Variable NameDescriptionExample Value
refererCCBill affiliate ID number. This value is passed as ‘reseller’ when using Traffic Manager to cascade to Epoch forms.1626321
formNameThree or more character codes identifying the form.13cc
confirm_passwordConfirm the password on the signup form.0 or 1 (yes or no)
subscriptionTypeIdSubscription Type ID.0108191202000001259
allowedTypesThe subscription options that will appear on the form; this value is generated automatically in the Admin.0000003761:840, 0000004607:840

Passing Variables to the Payment Form

Variables can be passed to the payment form to pre-fill consumer information. This can be implemented for multi-part forms, custom tracking, and other implementations.

Variables are passed to the payment form from the preceding page through an HTML form or by passing in the variables through a URL string.

URL String Example

https://bill.cbill.com/jpost/signup.cgi?clientAccnum=900000&clientSubacc=0001&formName=211cc&language=English&allowedTypes=0000003761:840,0000004607:840,0000060248:840,0000063750:840,0000060752:840&subscriptionTypeId=0000004657:840

HTML Form Fields

<form action='https://bill.ccbill.com/jpost/signup.cgi' method='POST'>
  <input type='hidden' name='clientAccnum' value='900000'>
  <input type='hidden' name='clientSubacc' value='0001'>
  <input type='hidden' name='formName' value='211cc'>
  <input type='hidden' name='language' value='English'>
  <input type='hidden' name='allowedTypes' value='...'>
  <input type='hidden' name='subscriptionTypeId' value='0000004657:840'>
  <input type='submit' name='submit' value='Join Now'>
</form>

Custom Variables

Custom tracking variables can also be sent to the form. These values will be posted back to the Webhooks URL when the transaction is complete. To define these variables, specify a variable name and a value in the same manner as the other variables being passed.

Optional custom tracking variables can be added manually by creating additional HTML form fields or passing the additional variables into the URL string, depending on the chosen submission method.

The following example shows a basic HTML button code with two custom variables added. The button created will, when clicked, take the consumer to the CCBill payment form while passing in the two custom variables:

Example HTML Button Code with Custom Variables

<form action='https://bill.ccbill.com/jpost/signup.cgi' method=POST>
<input type=hidden name=clientAccnum value='900000'>
<input type=hidden name=clientSubacc value='0001'>
<input type=hidden name=formName value='211cc'>
<input type=hidden name=language value='English'>
<input type=hidden name=allowedTypes value='0000003361:840,0000004657:840,0000060748:840,0000060750:840,0000060752:840'> <input type=hidden name=subscriptionTypeId value='0000004657:840'>
<input type=hidden name=customVarName1 value=customVarValue1>
<input type=hidden name=customVarName2 value=customVarValue2>
<input type=submit name=submit value='Join Now'>
</form>

customVarName1 and customVarName2 are only example variable names. You can assign any name and variable that suits your requirements.

Always perpend Pass-through Key/Values with X-.

Dynamic Variables in Custom Scripts

Information can also be passed to the CCBill payment form using dynamic variables in a custom script. A custom HTML form can call the script, sending the variables to the CCBill payment form.

The form you create will pass data entered by the consumer to the next form, which will then pass the variables to the CCBill payment form. Upon completion of the transaction, data will be sent to the Webhooks URL.

Perl/CGI Example for Hidden Field Generation

print "<input type=hidden name=customer_fname value='$cust_first_name'>";

Other languages will have different statements and syntax for data output, such as print or echo statements in PHP. Link code can also dynamically generate variables in a similar fashion.

Receiving Data

When a transaction event occurs, CCBill sends variables back to your Webhook URL. These typically mirror the Payment Form variables plus consumer-entered information, along with additional status-related data (e.g., subscriptionId, timestamps, etc.). The exact return variables can differ by event type (sale, cancellation, etc.).

Data can be captured in multiple ways depending on the language in which the Webhooks script is written. For example:

Using PHP to Capture Data

$fname = $_POST["customer_fname"]

Using Perl/CGI to Capture Data

$fname = param("customer_fname")__

Other languages may use different functions to capture POST data. Variable names must match those specified in this guide.

Once the script captures these variable values, the script can handle the data in any manner specified in the script, such as inputting the information into a database.

Webhooks Notifications

The following sections detail the notifications that Webhooks can send to your URL and list the variables included in the notification push. Click the notification type to review individual parameters.

Appendix A: Currency Codes

Currency Numeric CodeCurrency Letter CodeCurrency Name
036AUDAustralian Dollar
124CADCanadian Dollar
392JPYJapanese Yen
826GBPUnited Kingdom Pound
840USDUnited States Dollar
978EUREuro Member Countries

Appendix B: Decline Codes

Decline CodeDecline Text
1Website is not available for signup.
2Unable to determine website signup requirements.
3Your card type is not accepted, please try another type of credit card
4Banking System Error
5The credit card you entered is not valid
6Please check to ensure you entered your expiration date. Used to show individual corresponding yearly, monthly or daily dates for report data. The date function's format is year-month-day; for example, 2002-01-01. correctly
7Please check to ensure you entered your bank account number correctly
8Please check to ensure you entered your bank's routing number correctly
9Banking System Error, please try again
10Website has invalid pricing
11Transaction Declined
12You currently have a subscription and are unable to signup
13You have already had a free trial
14You must enter your CVV2 number on the back of your card
15Your account is currently being processed, please check the website you are joining to see if you have access. If not, please contact support@ccbill.com
16Subscription ID Provided is invalid
17Subscription ID does not exist in system
18Previous Transaction Attempt in request was declined
19You are not authorized to signup with the provided credentials
20No Decline
21You have already had a trial, please select a normal recurring membership option
22Error contacting bank, please try again later
23Invalid Credit Card Provided
24Transaction Denied by Bank
25Bank Error
26Card Processing Setup Incorrect for Merchant
27System Error, Please Try Again
28We are unable to process your transaction at this time. Please try again at a later time
29Card Expired
30We are unable to bill the telephone number provided for this transaction. Please return to the website and choose an alternate payment method.
31Insufficient Funds
32You must provide CVV2 to complete transaction
33Unable to determine transaction type
34Error contacting bank, please try again later
35Card Declined at Pre-Auth SC
36Unable To Contact Bank
37We currently do not process for your bank's bin
38Transaction Refused by Issuing Bank
39You Have Submitted Too Many Times Today
40The Card you are using is not accepted by this Merchant
41Merchant Inactive
42Incorrect Address Provided
43We are unable to process your telephone billing transaction because your provider only allows for one charge, per telephone number, per day, and our records show that you have an existing daily charge to this telephone number. Please return to the website and choose an alternative payment method.
44We're sorry, at this time prepaid cards are not allowed. Please try a different card type.
45Transaction requires additional approval: please refer to your confirmation e-mail for further instructions.

Changelog

Release 12 - 2025-04-29

The cardSubType parameter was added to specify the card type used in the transaction.

Affected Webhooks

  • CrossSaleFailure (v5)
  • CrossSaleSuccess (v6)
  • NewSaleFailure (v5)
  • NewSaleSuccess (v8)
  • RenewalFailure (v5)
  • RenewalSuccess (v7)
  • UpgradeFailure (v4)
  • UpgradeSuccess (v5)
  • UpSaleFailure (v5)
  • UpSaleSuccess (v7)

Release 11 - 2025-02-17

Enhancements

  • Webhook event processing optimized.
  • No new parameters introduced.

Updated Event Versions

  • Void (v5)
  • BillingDateChange (v2)
  • Cancellation (v2)
  • Chargeback (v5)
  • CrossSaleFailure (v4)
  • CrossSaleSuccess (v5)
  • CustomerDataUpdate (v5)
  • Expiration (v2)
  • ManualAdd (v2)
  • NewSaleFailure (v4)
  • NewSaleSuccess (v7)
  • Refund (v5)
  • RenewalFailure (v4)
  • RenewalSuccess (v6)
  • Return (v5)
  • UpgradeFailure (v3)
  • UpgradeSuccess (v4)
  • UpSaleFailure (v4)
  • UpSaleSuccess (v6)
  • UserReactivation (v2)

Release 10 - 2022-04-21

Two new parameters were added to support 3DS authentication results.

New Parameters

  • paymentAccount
  • scaResponseStatus

Affected Webhooks

paymentAccount added to:

  • CrossSaleFailure (v3)
  • CrossSaleSuccess (v4)
  • UpSaleFailure (v3)
  • UpgradeFailure (v2)
  • UpgradeSuccess (v3)

scaResponseStatus added to:

  • CrossSaleFailure (v3)
  • CrossSaleSuccess (v4)
  • UpSaleFailure (v3)
  • UpSaleSuccess (v5)
  • UpgradeFailure (v2)
  • UpgradeSuccess (v3)

Release 9 - 2020-02-11

Added new parameter for tracking 3DS authentication results.

New Parameter

  • threeDSecure

Affected Webhooks

  • NewSaleSuccess (v6)
  • NewSaleFailure (v3)

Release 8 - 2019-07-23

New Parameters

  • expDate
  • last4
  • paymentAccount

Affected Webhooks

  • UpSaleSuccess (v4)

Release 7 - 2017-7-19

New Feature

Webhook delivery now supports JSON format in addition to URL Encoded.

Release 6 - 2017-06-01

New Parameters

  • paymentAccount
  • accountingCurrency
  • currency
  • billedCurrency

Affected Webhooks

paymentAccount added to:

  • CustomerDataUpdate (v4)
  • Chargeback (v4)
  • Refund (v4)
  • Return (v4)
  • RenewalSuccess (v5)
  • Void (v4)

accountingCurrency added to:

  • Chargeback (all versions)
  • Refund (all versions)
  • RenewalSuccess (all versions)
  • Void (all versions)

currency added to:

  • Chargeback (all versions)
  • Refund (all versions)
  • Void (all versions)

billedCurrency added to:

  • RenewalSuccess (all versions)

Release 5 - 2017-05-11

Three new parameters were added to enable merchants to track the card BIN, payment method, and type of card used.

New Parameters

  • bin
  • paymentType
  • cardType

Affected Webhooks

bin added to:

  • NewSaleSuccess (v5)
  • UpgradeSuccess (v2)
  • UpSaleSuccess (v3)
  • CrossSaleSuccess (v3)
  • CustomerDataUpdate (v3)
  • Chargeback (v3)

paymentType added to:

  • Chargeback (v3)
  • Return (v3)
  • Refund (v3)
  • RenewalSuccess (v4)
  • RenewalFailure (v3)
  • Void (v3)

cardType added to:

  • Chargeback (v3)
  • Refund (v3)
  • RenewalSuccess (v4)
  • RenewalFailure (v3)
  • Void (v3)

Release 4 - 2017-04-13

Security Enhancement

TLS 1.2 support added for secure transmission.

New Parameters

  • expDate Provides card expiration date.
  • last4 Returns last 4 digits of card/bank account.

Affected Webhooks

  • NewSaleSuccess (v4)
  • CustomerDataUpdate (v2)
  • Chargeback (v2)
  • Refund (v2)
  • RenewalSuccess (v3)
  • Void (v2)

Release 3 - 2014-04-24

New Feature

Added flexId variable to support FlexForms (Open Beta). The field only appears for FlexForm transactions.

Affected Webhooks

  • NewSalesSuccess (v3)
  • NewSalesFailure (v2)
  • Notes were added to related Webhooks (UpSaleSuccess, UpSaleFailure, CrossSaleSuccess, CrossSaleFailure) to reference the correct base versions.

Release 2 - 2013-10-30

New Features

  • Introduced versioning support for configurations and events.
  • Older configurations prompt upgrade option.

New Webhooks Event

  • Return - Notifies users of check returns.

New Parameters

  • paymentAccount
  • renewalDate

Affected Webhooks

paymentAccount field added to:

  • NewSaleSuccess (v2)

renewalDate field added to:

  • RenewalSuccess (v2)
  • RenewalFailure (v2)

Bug Fixes

  • Fixes a bug that resulted in incorrect POST of the failureCode, failureReason, and transactionId fields in CrossSales, CrossSaleAPI, and Upgrades with specialOffer.
  • Fixes a bug that resulted in incorrect POST of failureCode, failureReason, and transactionId fields for Upsales.
  • Fixes a bug that caused the subscriptionTypeId to be incorrectly sent.

Release 1 - Initial Release

No notable changes included.