Payload redaction

Payload redaction removes sensitive fields before webhook payloads are stored.

Configure redacted fields

'redact' => [
    'customer.email',
    'customer.phone',
    'payment.card.last4',
],

Before and after

Incoming payload:

{
  "customer": {
    "email": "[email protected]"
  }
}

Stored payload:

{
  "customer": {
    "email": "[redacted]"
  }
}

Disable payload storage

For highly sensitive integrations, disable payload storage entirely.

'store_payloads' => false,

This stores metadata about the delivery without keeping the full request body.