Developer & APIPartner api
Webhooks
Signed webhook delivery for Partner API quote, order, and workflow events.
Entwicklerdocs2 Min. LesezeitGeprüft 16. Apr. 2026
Webhooks
Webhooks deliver quote, order, and workflow events to your systems without requiring constant polling.
Delivery basics
- HTTPS only
- signed requests
- retry on timeout or non-2xx response
- idempotent consumer design recommended
Event families
| Event family | Example events |
|---|---|
| Quote lifecycle | quote.received, quote.updated |
| Order lifecycle | order.created, order.confirmed, order.shipped |
| Workflow signals | partner-specific operational events |
The exact event set depends on entitlement and rollout posture.
Example payload shape
{
"id": "evt_01js3q7d9w4b2k8m1z0h3v6x7y",
"event": "quote.received",
"timestamp": "2026-04-16T10:00:00.000Z",
"data": {
"rfqId": "rfq_123456",
"quoteId": "quote_987654"
}
}Signature verification
import crypto from 'node:crypto';
export function verifyWebhookSignature(rawBody: string, signature: string, secret: string) {
const digest = crypto.createHmac('sha256', secret).update(rawBody).digest('hex');
return signature === `sha256=${digest}`;
}Verify the raw body before JSON parsing or business logic.
Consumer guidance
- return
2xxquickly after verification and enqueue heavier work - store delivery IDs to keep processing idempotent
- log request IDs and event IDs
- rotate webhook secrets on a regular cadence
Related docs
War dieser Artikel hilfreich?
Verwandte Artikel
Edit on GitHub
Zuletzt aktualisiert