08-07-2019 03:59 PM
Thanks for your help! I ended up figuring out the issue -- If a transaction is marked as "Suspicious Transaction" (and many are for us), the net.authorize.payment.authcapture.created event does not occur, ever.
Our payment system uses 'authCaptureTransaction' as the transaction type, so naturally I set up my webhook endpoint to listen for net.authorize.payment.authcapture.created. But in reality, what happens is that if the transaction is marked as suspicious, the net.authorize.payment.fraud.held event is triggered instead. Then, sometime later, after the transaction has been approved, the net.authorize.payment.fraud.approved event is triggered.
I know it's only semantics, but the webhook event names don't really seem to properly communicate this. The docs also don't mention that the net.authorize.payment.authcapture.created event is abandoned entirely if the fraud detection system decides to hold a transaction.