Webhooks

Use webhooks to get notified about certain events. Each webhook is signed to ensure authenticity. Any number of webhook endpoints can be created.

Possible events

order.created(Pending) Order has been created
order.processedOrder has been processed and compensated
order.canceledPending order was discarded
order.refundedOrder was reversed
payment_link.createdA new payment link was created
payment_link.paidPayment Link successfully used

Receive webhook

We send a POST request to the URL defined in the webhook endpoint. This is what an example of a request body looks like:

1
2
3
4
5
6
7
8
9
10
{
  "trigger": "order.created",
  "created_at": "2022-02-03T02:23:47.404Z",
  "ident": "8ed1bae2-9ca4-4c3c-8fee-669334c783da",
  "signature": "a871c6067afef4cb7040c0b445f7df0503067d7af41dc95e554c47da94a553260c29051d377f5b5447f060a2d0833745177facfeb8c43daa96e9b181bc66cd88",
  "testing": false,
  "webhook_content": {
    "order_id": "CA-A949-E43D48E1"
  }
}

Validate Webhook

Validate the authenticity of the webhook calls using the signature and the private key. Combine the fields trigger, ident and the private key to a string like in the example and encrypt it with SHA512. The resulting encrypted string must match signature.

1
2
3
4
5
6
7
const validation = sha512(request.body.trigger + request.body.ident + your_private_key);

if (request.body.signature !== validation) {
  return response.status(401).send() //Unauthenticated
}

//ToDo: implement the webhook request

Ready to start? Contact us or create an account directly.

Create an account and start directly with the calculation and compensation of CO2 emissions via our API. You still have questions or need an individual offer? Use the chat or make an appointment with our sales team.