Webhook Structure
When Fera POSTs to a webhook URL it will include a JWT token as a jwt URL parameter.
JWT Token Param
This JWT token uses Standard HS256 (HMAC SHA256) encryption, and uses either of the following to encrypt:
- your store's Secret Key (for store/account webhooks), or
- your Partner Apps' Client Secret (for Partner Apps)
The JWT token tells you the following attributes:
| Attribute | Type | Description |
|---|---|---|
webhook_id | String | The ID of the webhook resource model that was triggered. Example: fweb_12Ab |
event_name | String (Enum) | The event name that is being triggered. Example: fweb_12Ab |
store_domain | String | The domain of the store (Fera account) that this webhook is being triggered for. Example: fweb_12Ab |
store_public_key | String | The public key of the store (Fera account) that this webhook is being triggered for. Example: pk_12ab |
store_id | String | The ID of the store (Fera account) that this webhook is being triggered for. Example: fsto_12AB |
exp | Integer | A unix timestamp that represents when the JWT token expired. Example: 1657750605 |
JWT tokens expire after 1 hour.
If you're processing the webhook request in a background job (which you totally should) then just make sure to do it within 1 hour of the webhook POST being made to your server.
POST Body
When Fera triggers a webhook it will POST a JSON body of the resource that is being observed.
For example, a webhook POST body for the review_create would look something like this:
// POST https://eo4th63t3scwkbv.m.pipedream.net?jwt=123some.jwt.token321
{
"id": "fRev_12ab",
"state": "pending",
"subject": "product",
"is_verified": true,
"is_test": false,
"product_id": "fpro_12ab",
"customer_id": "fcus_12ab",
"rating": 4,
"heading": "This is a great product!",
"body": "This is a great product! I love it!"
// ... etc
}
Updated over 2 years ago