Comment on page
Receive real time notifications of payments, subscriptions, and much more.
Webhooks enable you to receive notifications upon certain webstore events, for example when a new payment is made. We will send a HTTP request containing a JSON object to any configured endpoints that are subscribing to the respective event. Webhooks are a great way to integrate Tebex with your own website, forum or internal database.
- 1.Go to Developers > Webhooks > Endpoints.
- 2.Click Add Endpoint.
- 3.Enter the URL of your webhook endpoint.
- 4.Select the types of webhooks that you'd like to subscribe to.
- 5.Click Add.
After adding your endpoint, you will receive a warning to inform you that we haven't been able to validate endpoint. Please see the section below for further information about handling validation webhooks.
Webhooks will not be sent to an endpoint unless it has been validated first. This is to ensure we are not sending HTTP requests to URLs that are not expecting our webhooks.
The validation webhook that we send will look similar to the example below. To identify a validation webhook you can check the
typeproperty in the JSON body.
Upon receiving a validation webhook you must respond with a 200 OK response containing a JSON object that has an
idproperty representing the validation webhook's ID, please see the example response below.
Once your endpoint is setup to successfully handle validation webhooks, please visit Developers > Webhooks > Endpoints and click the Validate button next to the endpoint to re-send the validation webhook.
Webhooks from Tebex will only ever be sent from the two IP addresses listed below.
When building your webhook endpoint, we suggest that you check the IP address of the sender and throw a 404 Not Found error if the IP address isn't in the above list.
In addition to checking the IP address, we strongly advise that you verify the X-Signature header that we send with all requests.
The signature is generated by SHA256 hashing the JSON body and then building a SHA256 HMAC with the body hash as the data/content and your webhook secret as the key.
Your webhook secret is displayed on the Developers > Webhooks > Endpoints page. Please see our example of how to generate the signature using PHP below.
$json = file_get_contents('php://input');
$secret = "0d45982a10e3a072d0c1261c55dd9918";
$signature = hash_hmac('sha256', hash('sha256', $json), $secret);