Webhooks

When certain events occur, our system sends an HTTPS-request to one or more URLs specified by you up front. These events occur for example when an order is completed for asynchronous usage requests as well as when a product is updated. Events may occur for a varity of scopes and the webhooks will be delivered to you based on the specific subscription.

The webhook requests are all executed with the HTTP method POST with a JSON body. The body contains information about the event that happened, the event scope, a unique webhook ID to allow easy handling of webhook retries, when the event happened, as well as a data object, where the contain may differ based on the event scope.

Webhook requests are signed in the same way as requests to the API. For hook requests, we provide the signature in the Fp-Signature header. The signature works as authentication, so always verify the signature to prevent unauthorized access. See Authentication for more information about the signature.

We verify the HTTPS server certificate when making webhook requests to your system, so make sure you have a server certificate accepted by common browsers.

Failed Requests

If a webhook request fails, we retry the request multiple times. The waiting time between retries increases to ensure that your server is not overloaded.

We regard all HTTP status codes in the 2xx range as success and everything else as an error. This means redirect status codes like 307 are interpreted as error since we do not follow redirects.