How to Solve Adyen Webhook Timeout Errors

Adyen webhooks are essential for payment integrations, enabling real-time notifications when events like payment authorizations, captures, refunds, or chargebacks occur. However, Adyen's strict 10-second timeout limit can cause significant problems when your webhook endpoint needs more time to process events.

In this guide, we'll explore why Adyen webhook timeouts occur, the consequences of failing to respond in time, and how to solve these issues using Hookdeck. For a comprehensive overview of Adyen webhook capabilities, see our guide to Adyen webhooks.

Understanding Adyen's webhook timeout behavior

When Adyen sends a webhook, it expects your endpoint to respond within 10 seconds with a successful HTTP status code (2XX). This timeout is non-negotiable and applies to all Adyen webhook endpoints.

Adyen recommends acknowledging webhooks with HTTP status code 202 ("Accepted") to indicate that the request has been received, even if processing isn't complete. This aligns with industry best practices where acknowledging receipt is separate from processing the event.

If your endpoint doesn't respond in time, Adyen assumes the webhook failed and initiates its retry mechanism. This can quickly spiral into bigger problems for your payment operations.

What happens when webhooks timeout

Adyen's timeout handling follows a progressive retry pattern:

1. Initial timeout: Adyen marks the delivery as failed and schedules a retry
2. Immediate retries: Adyen retries sending the webhook message three times immediately
3. Retry queue: After immediate retries fail, the webhook is placed in a retry queue with increasing intervals
4. Extended retries: Retry attempts continue regularly for up to 7 days at increasing intervals, then every 8 hours for the following 7 days
5. Maximum retry period: Adyen continues retrying for up to 30 days before giving up

Alert notifications

Adyen sends alert notifications to keep you informed:

• After 5 retry attempts: Initial failure alert
• After 7 days: Ongoing failure alert
• On recovery: Notification when a previously failing endpoint starts accepting events again

When your payment webhooks are stuck in the retry queue, you risk delayed order fulfilment, incorrect inventory, and poor customer experiences.

Common causes of Adyen webhook timeouts

Synchronous processing

The most common cause of timeouts is processing webhook payloads synchronously, for example, running database operations, updating order status, sending confirmation emails, or executing business logic before responding.

Heavy payment processing workloads

Adyen webhooks often trigger resource-intensive operations:

• Updating order management systems
• Synchronizing with ERP or accounting software
• Triggering fulfillment workflows
• Sending customer notifications
• Updating subscription status
• Processing refund or chargeback logic

Traffic spikes

During high-volume periods (flash sales, Black Friday, end-of-month billing runs), webhook volume can spike dramatically. If your endpoint can't handle the load, response times increase and timeouts occur.

Cold starts on serverless platforms

If you're running webhook handlers on serverless platforms (AWS Lambda, Vercel, Google Cloud Functions), cold starts can add several seconds to response times, eating into your 10-second budget before your code even executes.

Third-party API dependencies

If your webhook handler calls external APIs (payment reconciliation services, fraud detection, shipping providers) synchronously, any latency from those services directly impacts your response time.

HMAC signature verification overhead

While essential for security, complex HMAC signature verification combined with payload processing can consume valuable milliseconds, especially under load.

The problem with traditional solutions

Optimizing your code

You can optimize your webhook handler to be faster, but this approach has limitations:

• Doesn't solve the underlying architectural problem
• Still fails under heavy load or when third-party APIs slow down
• Creates technical debt as you strip out necessary functionality
• Cold starts remain an issue on serverless platforms

Building your own queue

You could implement a message queue (RabbitMQ, Redis, Amazon SQS) to decouple webhook ingestion from processing:

# Better, but requires significant infrastructure
@app.route('/webhook', methods=['POST'])
def handle_webhook():
    payload = request.json
    queue.enqueue(payload)  # Quick enqueue
    return '[accepted]', 200  # Immediate response

# Separate worker processes the queue
def worker():
    while True:
        payload = queue.dequeue()
        process_payment_webhook(payload)

While this works, it requires:

• Setting up and maintaining queue infrastructure
• Building retry logic for failed processing
• Implementing dead-letter queues for failed messages
• Monitoring queue health and processing latency
• Handling duplicate webhook deliveries (Adyen may send the same event multiple times)
• Managing idempotency to prevent double-processing payments

How Hookdeck solves Adyen webhook timeouts

Hookdeck is webhook infrastructure that sits between Adyen and your endpoint, acting as a managed queue that eliminates timeout issues entirely.

How it works

1. Adyen sends webhook to Hookdeck: Hookdeck acknowledges receipt in under 200ms (well within Adyen's 10-second timeout window)
2. Hookdeck queues the event: The webhook is stored reliably until your server is ready
3. Your server processes at its own pace: Hookdeck delivers events with configurable timeout windows, giving you significantly more time
4. Automatic retries: If your server is temporarily unavailable, Hookdeck retries with configurable backoff
5. Built-in Adyen handshake support: Hookdeck automatically handles Adyen's [accepted] response requirement

Setting up Hookdeck with Adyen

Step 1: Create a Hookdeck connection

Sign up at hookdeck.com and create a new connection:

• Source: Create a new source named adyen
• Destination: Enter your actual webhook endpoint URL

Hookdeck provides you with a unique URL like:

https://hkdk.events/xxxxxxxxxx

Step 2: Configure your Adyen webhook

In your Adyen Customer Area:

1. Navigate to Developers > Webhooks
2. Click + Webhook and select the webhook type (e.g., Standard Notification)
3. In the Server configuration section, enter the Hookdeck URL as the webhook URL
4. Configure the events you want to receive (AUTHORISATION, CAPTURE, REFUND, etc.)
5. Under Security, generate an HMAC key for signature verification
6. Click Save

Step 3: Configure HMAC verification in Hookdeck

Hookdeck can automatically verify Adyen's HMAC signatures, ensuring webhook authenticity before forwarding to your server:

1. In your Hookdeck source settings, select Adyen as the source type
2. Enter your HMAC key from Adyen
3. Hookdeck will now verify signatures and reject any tampered webhooks

Step 4: Configure your destination

In Hookdeck, configure your destination settings:

// Destination configuration
{
  "url": "https://your-server.com/api/webhooks/adyen",
  "rate_limit": {
    "limit": 10,
    "period": "second"
  },
  "retry": {
    "strategy": "exponential",
    "count": 5,
    "interval": 30000
  }
}

Key benefits for Adyen webhooks

Never miss a payment notification

Hookdeck acknowledges Adyen webhooks instantly, so they're never marked as failed due to timeout. Even if your server goes down during a high-volume sales period, webhooks are queued and delivered when it's back online.

Rate limiting

Control how fast webhooks are delivered to your server. This is crucial during:

• Flash sales with thousands of simultaneous transactions
• Subscription billing runs
• Batch refund processing
• Migration periods with historical webhook replays

Automatic retries

Configure retry behavior to match your infrastructure:

// Retry failed deliveries with exponential backoff
{
  "retry": {
    "strategy": "exponential",
    "count": 5,
    "interval": 30000  // Start with 30 seconds
  }
}

Event filtering

Process only the webhooks you need:

// Only process AUTHORISATION events
{
  "filters": [
    {
      "path": "$.eventCode",
      "operator": "equals",
      "value": "AUTHORISATION"
    }
  ]
}

Automatic HMAC verification

Hookdeck handles Adyen's HMAC signature verification automatically, ensuring:

• Webhooks are authentic and sent by Adyen
• Payloads haven't been tampered with during transmission
• Invalid webhooks are rejected before reaching your server

Visibility and debugging

Hookdeck provides a dashboard showing:

• All webhook deliveries with full request/response data
• Failed deliveries and retry history
• Latency metrics
• HMAC verification status
• Filtering effectiveness

This visibility is invaluable when debugging payment flow issues or reconciling transactions.

Event replay

Need to reprocess a webhook after fixing a bug? Hookdeck lets you replay any historical webhook with a single click, with no need to wait for Adyen's retry queue or manually trigger test payments.

Updating your webhook handler

With Hookdeck in place, your webhook handler can focus on business logic without timeout anxiety.

Conclusion

Adyen's 10-second webhook timeout is designed to ensure reliable delivery, but it can become a source of payment processing issues when your endpoint needs more time. While you can work around it by building your own queue infrastructure, Hookdeck provides a turnkey solution that handles Adyen's specific requirements out of the box, including automatic [accepted] responses and HMAC verification.

By using Hookdeck, you can focus on building great payment experiences instead of managing webhook infrastructure.

Additional resources

• Adyen Webhooks Documentation
• Adyen Webhook Best Practices
• Troubleshoot Adyen Webhooks
• Hookdeck Documentation
• Why You Should Stop Processing Webhooks Synchronously