Setup GuideTo implement the webhook system, follow these steps:
- Create a subscription to an event using the v1/webhooks API
- When the event occurs, we will send the details to the URL you specified. (See the 'callbacks' tab in the webhooks API docs for more details)
- Verify the signature to ensure the webhook is authentic.
We recommend configuring signed webhooks to ensure the webooks you receive are authentic and to prevent unauthorized users from interacting with your site.
If you haven't already done so, add a new key in your admin under the Developer -> Signing Keys menu. Webhooks are automatically signed w/ the most recently created key.
When you have a Signing Key setup, all webhooks will contain two additional headers:
- Webhook-Signature- The signature of the webhook request body. The signature is a HMAC SHA256 Hash & should be generated as a Hex Digest.
- Webhook-Signature-Key-ID- The ID of the Signing Key used.
Download the SDK for example code on how to verify this signature