Skip to main content
Webhook events are triggered when certain actions occur in your account such as order creation, customer creation, etc. You can use these events to build custom integrations or automate your workflows.

Format

  • Webhooks are configured separately for sandbox and production environments.
  • The URL must be in the standard format of https://domain.com/path and must have a valid SSL certificate.
  • Wizcommerce will send a POST request to the URL with a JSON body and headers.
  • The request body will contain the event data in JSON format.

Security

  • A custom header can be configured and used for any auth type (e.g. Bearer token, API key, or shared secret).
  • Use it to verify that incoming requests are from Wizcommerce.
  • Do not expose credentials or secrets publicly.

Authentication

A custom header can be configured for webhook requests and used as any auth type (e.g. Bearer token, API key, or shared secret in a header such as webhook-secret or X-Webhook-Key). Do not expose credentials publicly.

Timeouts

Wizcommerce webhooks are sent with a timeout of 30 seconds. If the webhook does not respond within 30 seconds, it will be considered failed.

Retry Mechanism

To avoid an event being missed, Wizcommerce follows at-least-once delivery semantics. In this approach, if we do not receive a successful response from your server (non 200 HTTP status) or we get a timeout, we resend the webhook. Success status codes are 200, 201, 202, 204. We use exponential backoff to retry the webhook. One event will be retried at most 5 times. Example retry schedule:
  • 1st retry: 30 seconds
  • 2nd retry: 1 minute
  • 3rd retry: 2 minutes
  • 4th retry: 4 minutes
  • 5th retry: 8 minutes (total 15 minutes)

Idempotency

In cases of failure (response with non 200 HTTP status) or timeout, it is assumed that the webhook has not been processed and is sent again as per the retry policy. Ensure your server is configured to handle or receive the same event details multiple times. To help with this, we provide a unique id with all our webhook payloads. Using these IDs, you can dedupe at your end in case of a doubt, or even report errors to/request support from us easily.

Delivery semantics

Usually, webhook events are delivered within a few seconds of the associated event. However, this can be delayed by a few minutes in some cases due to various reasons. While we try to send them promptly, we do not recommend relying on webhooks for time-sensitive events. For business-critical, synchronous use cases, we recommend using the Webhooks API instead.