No. All callback url-s need to use HTTPS only.
We will schedule a new attempts and will keep trying until a successful response is received. First request attempt will timeout after 3 seconds, next 2 attempts after 10 seconds and the rest of attempts have a timeout of 30 seconds.
There is a total of 10 attempts with the following intervals: 3 sec, 10 sec, 1 minute, 10 minutes, 100 minutes, 8 hours, 24 hours, 48 hours and 96 hours.
Please note that HE URL is HTTP which may trigger mixed-content warning if you include it on a HTTPS page and even block rendering on certain Webview and smartphone browsers. Since Lollipop (API 21), WebView blocks all mixed content by default.
You can prevent this by modifying Android WebView settings:
In this mode, the WebView will attempt to be compatible with the approach of a modern web browser with regard to mixed content. Some insecure content may be allowed to be loaded by a secure origin and other types of content will be blocked. The types of content are allowed or blocked may change release to release and are not explicitly defined.
In practice this should allow loading of images, videos, music etc. - all content that has low probability of being major security threat, when tampered/replaced by malicious third-party.