Collapse Menu
Docs Home
Developer Tools
Contact Support

Troubleshooting Webhook Connection Problems


This article provides information and guidance for troubleshooting problems with webhooks.

When a webhook event fails to post successfully, FastSpring automatically retries sending the event every 10 minutes until we receive a response of "200" or "202", or until 24 hours have passed since the first attempt. Every 24 hours, if there have been any failed/unprocessed events that have not yet been resolved, FastSpring emails the alert email address configured for your Store to notify you of the problem.

This article provides information on troubleshooting posting errors that result from connection problems.


Viewing Recent Server Webhook Activity

To review recent activity, including unprocessed/unsuccessful events, log in to the FastSpring App and select the Integrations menu and the Webhooks tab. Then, click Recent Activity for one of your webhook configurations.

By default, the Recent Server Webhook Activity dialog shows the 250 most recent events, starting with the most recent first. The dialog includes both processed and unprocessed events. You can click the drop-down selector in the FILTER field and choose to display only processed or only unprocessed events.

Any unprocessed events (i.e., events for which FastSpring did not receive a "200" or "202" response) appear with a red band indicating the date and time (UTC) and the event type, as in the illustration below.

In some cases, a second text area appears below the event payload for unprocessed events. The second text area may contain information about why the event was not processed successfully (e.g., the response received from the specified endpoint).


Connection Timeouts and Supported Ports

Webhook events are posted to port 8443 of the specified URL/endpoint, by default. When setting up webhooks, if you need to specify a different port in your URL, please use one of the following ports: 3443, 8282, 9191, 9000, or 9999. If you specify any other port in the URL, we may be unable to connect to the endpoint, resulting in a timeout error.


Connection Problems

If the error info section of an unprocessed event includes an error such as {"message": "Received fatal alert: handshake_failure"} or an HTTP 403 error code, this may indicate that FastSpring was unable to establish a secure connection to your server (i.e., the server specified in your webhook URL).


TLS 1.2

In the interest of data security, FastSpring requires that all servers targeted with webhook posts must support and use the TLS 1.2 protocol for the connection. If your server does not support TLS 1.2, this may prevent FastSpring from posting webhook events to your server. In that case, consult your network administrator or web hosting provider to find out whether or not TLS 1.2 support can be enabled.


Supported Cipher Suites

FastSpring supports 28 different cipher suites for encrypting the data we post via webhooks. However, some TLS 1.2-compatible cipher suites may not be supported. For FastSpring to successfully establish a secure connection to your server, both FastSpring and your server must agree on the specific cipher suite to be used. If none of the cipher suites supported by FastSpring matches any of the cipher suites supported by your web server, this may prevent FastSpring from posting webhook events to your server.

Listed below are the cipher suites currently supported by FastSpring. To find out which cipher suites your server supports, you can consult your network administrator or web hosting provider. Your web host may have that information available in an FAQ or knowledge base article. Alternatively, you can use the SSL Labs tester described later in this article.

Cipher Suites Supported by FastSpring
Cipher# 0: TLS_RSA_WITH_AES_256_CBC_SHA256
Cipher# 1: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
Cipher# 2: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
Cipher# 6: TLS_RSA_WITH_AES_128_CBC_SHA256
Cipher# 7: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
Cipher# 8: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
Cipher# 13: TLS_DH_anon_WITH_AES_256_CBC_SHA256
Cipher# 14: TLS_DH_anon_WITH_AES_256_CBC_SHA
Cipher# 15: TLS_DH_anon_WITH_AES_128_CBC_SHA256
Cipher# 16: TLS_DH_anon_WITH_AES_128_CBC_SHA
Cipher# 20: SSL_DH_anon_WITH_DES_CBC_SHA
Cipher# 21: TLS_RSA_WITH_NULL_SHA256
Cipher# 26: TLS_AES_128_GCM_SHA256
Cipher# 27: TLS_AES_256_GCM_SHA384


Using the SSL Labs Tester to Identify which Cipher Suites Your Server Supports

One way to find out what cipher suites your server supports is to use the SSL Labs tester found at

In the Hostname field, enter the domain of your webhook URL and then click Submit. For example, if your webhook URL is, you would enter

The SSL Report takes a few minutes to run. When it finishes, scroll down to the Configuration section of the report.

  • Under ProtocolsTLS 1.2 must show "Yes" because FastSpring requires that your server support TLS 1.2.
  • Under Cipher Suites, check the list of cipher suites supported in the #TLS 1.2 (suites supported in server-preferred order) section. Compare that list to the list of cipher suites supported by FastSpring, above. Your server must support at least one of the cipher suites supported by FastSpring. Otherwise, FastSpring may not be able to post webhook events to your server.

If none of the cipher suites match, consult your network administrator or web hosting company. You may be able to switch to a different certificate that does support one or more of the cipher suites supported by FastSpring. (Note:  In some cases, this may require you to use a hosting provider's paid hosting service rather than a free offering.)