circle-exclamation
This documentation is currently under development. Certain sections are not yet complete and will be added shortly.
search
HomeDocumentation

WebHook

hashtag
Get all configured webhooks

get
/api/{tenantId}/webhooks

Returns all webhook subscriptions configured for the tenant.

hashtag
Authorization

Requires Webhook.Read scope.

hashtag
Event Patterns

Supports wildcards:

  • customer.* - All customer events

  • pass.created - Specific event

  • * - All events (use with caution)

hashtag
Use Cases

  • Webhook management UI

  • Configuration audit

  • Integration documentation

chevron-right
lockRequired scopes
This endpoint requires the following scopes:
Authorizations
OAuth2implicitRequired
Authorization URL:
Path parameters
tenantIdstringRequired
Responses
chevron-right
200

Webhooks returned.

get
/api/{tenantId}/webhooks

hashtag
Create a new webhook subscription

post
/api/{tenantId}/webhooks

Registers a new webhook endpoint to receive event notifications.

hashtag
Authorization

Requires Webhook.Write scope.

hashtag
Automatic Generation

  • ID: 5-character random identifier (automatically assigned)

  • SignatureSecret: 64-character secret (automatically generated)

hashtag
Request Signing

When sending webhook events, the platform adds an X-NEOSTORE-SIGNATURE header containing HMAC-SHA256 signature:

HMAC-SHA256(requestBody, signatureSecret)

hashtag
Endpoint Requirements

  • Must accept POST requests

  • Should respond within 30 seconds

  • Should return 2xx status code for success

  • Must use HTTPS in production

hashtag
Event Wildcards

  • pass.* - All pass events

  • customer.created - Specific event

  • store.*.updated - Pattern matching

chevron-right
lockRequired scopes
This endpoint requires the following scopes:
Authorizations
OAuth2implicitRequired
Authorization URL:
Path parameters
tenantIdstringRequired
Body
or
Responses
chevron-right
200

OK

post
/api/{tenantId}/webhooks

hashtag
Get a specific webhook by ID

get
/api/{tenantId}/webhooks/{id}

Retrieves detailed information about a single webhook subscription.

hashtag
Authorization

Requires Webhook.Read scope.

hashtag
Security Note

The signature secret is sensitive. Store it securely and never expose it in client-side code.

chevron-right
lockRequired scopes
This endpoint requires the following scopes:
Authorizations
OAuth2implicitRequired
Authorization URL:
Path parameters
idstringRequired

Identifier of the webhook

tenantIdstringRequired
Responses
chevron-right
200

Webhook returned.

get
/api/{tenantId}/webhooks/{id}

hashtag
Update an existing webhook

put
/api/{tenantId}/webhooks/{id}

Modifies webhook configuration while preserving ID and signature secret.

hashtag
Authorization

Requires Webhook.Write scope.

hashtag
Updatable Fields

  • Description

  • Events (array of event patterns)

  • Endpoint URL

  • Enabled status

hashtag
Preserved Fields

  • ID (immutable)

  • SignatureSecret (immutable - use same secret for request validation)

hashtag
Use Cases

  • Change event subscriptions

  • Update endpoint URL

  • Enable/disable webhook temporarily

  • Modify description

chevron-right
lockRequired scopes
This endpoint requires the following scopes:
Authorizations
OAuth2implicitRequired
Authorization URL:
Path parameters
idstringRequired

Identifier of the webhook

tenantIdstringRequired
Body
or
Responses
chevron-right
200

Webhook updated.

No content
put
/api/{tenantId}/webhooks/{id}
No content

hashtag
Delete a webhook subscription

delete
/api/{tenantId}/webhooks/{id}

Permanently removes a webhook. The endpoint will no longer receive event notifications.

hashtag
Authorization

Requires Webhook.Write scope.

hashtag
Behavior

  • Webhook is immediately removed from configuration

  • No further events will be sent to the endpoint

  • Action cannot be undone (must recreate webhook if needed)

chevron-right
lockRequired scopes
This endpoint requires the following scopes:
Authorizations
OAuth2implicitRequired
Authorization URL:
Path parameters
idstringRequired

Identifier of the webhook

tenantIdstringRequired
Responses
chevron-right
200

Webhook deleted.

No content
delete
/api/{tenantId}/webhooks/{id}
No content

Last updated