Webhooks
Selly provides a webhooks system allowing you to subscribe to to events with Webhook Endpoints, alongside Product/Payment Order status webhooks and Dynamic Product webhooks.
Please note only HTTPS webhook URLs are supported.
Events
Each webhook request will feature a X-Selly-Event header containing the webhook event type. A list of supported events from Webhook Endpoints can be found below.
- Name
feedback:created- Type
- Description
When a feedback is initially created.
- Name
feedback:updated- Type
- Description
Each time a feedback is updated.
- Name
order:created- Type
- Description
When an order is initially created.
- Name
order:updated- Type
- Description
Each time an order is updated.
- Name
order:paid- Type
- Description
When the order has been marked as completed.
- Name
product:out_of_stock- Type
- Description
When a product has ran out of stock.
- Name
query:created- Type
- Description
When a query is initially created
- Name
query:replied- Type
- Description
When a query has received a new reply.
Signing/Validating
To verify the authenticity of a webhook request and its payload, each webhook request includes a X-Selly-Signature header with a HMAC signature comprised of the JSON encoded request body and your webhook secret. Your webhook secret can be changed in your settings page.
Validating Signed Webhook Signature
require 'openssl'
require 'active_support'
secret = 'your webhook secret'
signature = OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('sha512'), secret, payload.to_json)
is_valid_signature = ActiveSupport::SecurityUtils.secure_compare(request.headers['X-Selly-Signature'], signature)
if is_valid_signature
# Webhook is valid
end