Introduction
Webhooks enable your app get notified of events and state changes when interacting with Onboard’s widget or API. For instance, you’ll receive a webhook notification when an order transitions fromINITIATED to DEPOSITED.
Setting up a webhook
To get started, configure a publicly accessible webhook URL from Onboard Connect’s Settings in the Business portal dashboard.
- Return a
200 OKHTTP status code with no responsebody. - Accept the webhook payload (see structure below).
- Verify the authenticity of the sender using the signature in the request header.
Verifying webhook origin
Since your webhook URL is publicly available, you need to verify that events originate from Onboard and not a bad actor. To ensure this, each webhook attempt makes use of signed HTTP headers, which contain values you can use to verify the authenticity of the data being transmitted between Onboard and your application. The following signed headers can be used:x-signature
- Here’s an example, in Javascript, of how this parameter can be verified:
x-timestamp
- This is the timestamp used to generate the signature
Webhook payload structure
A webhook payload will typically conform to the structure below:Sample payload
order.state_transition
order.state_transition