Webhook Authentication

  • Updated

Setup:

1. Go to https://ship.gosweetspot.com/developer/webhooks.

2. Select the events you want your application to receive.

3. Each event will be triggered at a different stage of consignment processing:

- Created
- Picked
- Delivered

4. Select the version of the webhook you want to use:

- Legacy: The body is a stringified JSON.
- Latest: The body is a JSON object.

5. Set the webhook URL. This should be an HTTP(S) URL to which we will send a POST request.

6. Generate an HMAC Secret (Optional)

HMAC Secret: Used to encode the request body. We include an HMAC in each request's query string.

How to use:

When you receive our webhook notification, use the raw content from the request and the secret key generated at step 6 to compute a SHA256 HMAC. Output it as a Base64 string, then compare it with the HMAC in the query string. They should match exactly.