Shop webhook

These endpoints allow you to manage the webhooks for a shop.

The webhook model

The webhook model contains the following properties:

Properties

  • webhook_key (string): A unique key to validate the webhook call signature.
  • webhook_url (string): The URL to which the webhook will send data.
  • is_validated (boolean): Indicates whether the webhook is validated.
  • is_active (boolean): Indicates whether the webhook is currently active.


How the webhooks work

Webhooks can be configured in the dashboard for a shop. When a webhook is configured, the shop will send a request to the configured URL in the following scenarios:

  • When a new order is placed, a call will be made with status: open.
  • When the order is paid, a call will be made with status: paid.
  • When the payment failed, a call will be made with status: failed.
  • When the payment is canceled, a call will be made with status: canceled.

The webhook will send a POST request to the configured URL with the following payload:

{
  "order_id": "<order_uuid>",
  "brand_id": "<brand_uuid>",
  "order_status": "open"
}

This payload can be used to fetch the order details from the API.


Headers

To validate the incoming request sent by WalletApp, you will need to validate the call with the signature key provided from the dashboard.

We provide the following headers in the request:

{
  "wllt-signature": "<signature>",
  "wllt-message-id": "<message_id>"
}

The signature is an HMAC SHA256 hash of the request body with the webhook key as the secret. A PHP example to validate the signature:

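$key = "<my_webhook_signature_key>";

// Read the raw request body; the signature is computed over these exact bytes
$body = file_get_contents('php://input');

// PHP exposes the wllt-signature request header as HTTP_WLLT_SIGNATURE
$signature = $_SERVER['HTTP_WLLT_SIGNATURE'] ?? '';

// Compute the expected HMAC SHA256 signature with the webhook key as the secret
$expected = hash_hmac('sha256', $body, $key);

// hash_equals() compares the two values in constant time
if (!hash_equals($expected, $signature)) {
    // return a 200 OK response and discard the webhook
} else {
    // process the webhook
    // return a 200 OK response
}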

Intervals

If the webhook receives a 5xx code, we will retry the call at the following intervals:

  • 30 seconds
  • 1 minute
  • 10 minutes
  • 1 hour
  • 3 hours
  • 6 hours
  • 24 hours

If the webhook receives a 4xx code, we will not retry the call and will treat it as a successful response.

To debug the webhooks, use the webhooks logs call for a specific order.
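An added receiver-side example in Python (not WalletApp's own code) that ties the signature check to the retry rules above: a bad signature is discarded with 200, a malformed payload gets a 4xx so it is not retried, and a processing failure gets a 5xx so the call is retried. It assumes the signature header carries lowercase hex as in the PHP example and that a retried call reuses its wllt-message-id, which this page does not state; `process` is a hypothetical callback and all sample values are constructed.

```python
import hashlib
import hmac
import json

VALID_STATUSES = {"open", "paid", "failed", "canceled"}  # statuses listed on this page


def sign(raw_body: bytes, key: bytes) -> str:
    # Hex HMAC-SHA256, the encoding PHP's hash_hmac() produces by default.
    return hmac.new(key, raw_body, hashlib.sha256).hexdigest()


def handle_webhook(raw_body, headers, key, seen_ids, process):
    """Return (http_status, outcome) for one incoming webhook call."""
    hdrs = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    supplied = hdrs.get("wllt-signature", "")
    # Verify over the raw bytes, before any JSON parsing, in constant time.
    if not hmac.compare_digest(sign(raw_body, key).encode(), supplied.encode()):
        return 200, "discarded: bad signature"  # same response as the PHP example
    try:
        payload = json.loads(raw_body)
        order_id, status = payload["order_id"], payload["order_status"]
        if status not in VALID_STATUSES:
            raise ValueError(status)
    except (ValueError, KeyError, TypeError):
        return 400, "rejected: malformed payload"  # 4xx is not retried
    message_id = hdrs.get("wllt-message-id", "")
    if message_id and message_id in seen_ids:  # assumption: a retry reuses the id
        return 200, "duplicate"
    try:
        process(order_id, status)  # hypothetical callback, e.g. fetch the order via the API
    except Exception:
        return 500, "failed: retry requested"  # 5xx makes the sender retry
    if message_id:
        seen_ids.add(message_id)  # record only after successful processing
    return 200, "processed"


if __name__ == "__main__":
    key = b"constructed-test-key"  # constructed sample values, not real credentials
    body = json.dumps({"order_id": "o-1", "brand_id": "b-1", "order_status": "paid"}).encode()
    headers = {"Wllt-Signature": sign(body, key), "Wllt-Message-Id": "m-1"}
    seen = set()
    print(handle_webhook(body, headers, key, seen, lambda o, s: None))
    print(handle_webhook(body, headers, key, seen, lambda o, s: None))
    print(handle_webhook(body + b" ", headers, key, seen, lambda o, s: None))
```

In a real deployment `seen_ids` would be a persistent store shared by all receiver instances rather than an in-memory set.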