Webhooks
Webhooks let you receive real-time HTTP notifications when events happen on Wemarka.
How Webhooks Work
- You register a webhook URL in the Developer Portal.
- When a subscribed event occurs, Wemarka sends a
POSTrequest to your URL. - Your server processes the payload and returns a
2xxresponse.
Supported Events
| Event | Description |
|-------|-------------|
| order.placed | A new order was placed for your store. |
| order.updated | An order status changed (confirmed, shipped, etc.). |
| product.created | A new product was added to your catalog. |
| product.updated | A product was modified. |
Payload Format
{
"id": "evt_abc123",
"type": "order.placed",
"timestamp": "2026-04-13T12:00:00Z",
"data": {
"orderId": "...",
"tenantId": "..."
}
}
Verifying Signatures
Each webhook request includes an X-Wemarka-Signature header. Verify it using the signing secret from your webhook configuration:
import crypto from "crypto";
function verifySignature(payload, signature, secret) {
const expected = crypto
.createHmac("sha256", secret)
.update(payload)
.digest("hex");
return crypto.timingSafeEqual(
Buffer.from(signature),
Buffer.from(expected)
);
}
Retry Policy
If your endpoint returns a non-2xx status or times out (30 seconds), Wemarka retries with exponential backoff:
- Attempt 1: Immediate
- Attempt 2: After 1 minute
- Attempt 3: After 5 minutes
After 3 failed attempts, the delivery is marked as Failed.
Best Practices
- Always verify webhook signatures before processing.
- Return
200 OKquickly — process payloads asynchronously if needed. - Use idempotency keys (the event
id) to avoid processing duplicates.