Webhook

Webhooks act as a gateway to receive raw data at a particular destination that you define. Webhook is used to ask AfterShip to push back any updates to your system. This is used when the store wants to send out notifications by themselves or receive the latest delivery status / checkpoint. Users can select when to ask AfterShip pushes back delivery updates when using webhook.

Setup webhook

Go to notification settings
Add webhook URL (upto 4).
Select events to start receiving updates.

Note: AfterShip verifies the webhook by sending a POST request to the provided URL. The webhook would be added successfully upon responding 200 HTTP status code.

Securing webhooks

Webhooks(v4.3 or above) includes a calculated digital signature for verification. Each webhook request includes a aftership-hmac-sha256 header. The signature is a base64-encoded HMAC generated using sha256 algorithm with webhook request body and webhook secret of your account.

Each webhook request could be verified by comparing the computed HMAC digest and the attached HMAC digest in header.

The following Node.JS example demonstrates the computation of a webhook signature.

const crypto = require('crypto');
const WEBHOOK_SECRET = "....."; // your webhook secret

function generateSignature(requestBodyString) {
    return crypto
        .createHmac('sha256', WEBHOOK_SECRET)
        .update(requestBodyString, 'utf8', 'hex')
        .digest('base64');
}

Note: webhook secret can be obtained by going to Settings > Notifications

Updated on: 01/06/2022