Webhooks

Configure endpoint delivery to receive near real-time events from Sedifex.

Event types

• product.updated
• product.deleted
• integration.key.revoked
• webhook.delivery.failed

Signature headers

• X-Sedifex-Signature (sha256 HMAC digest)
• X-Sedifex-Event (event name)
• X-Sedifex-Delivery-Id (unique delivery id)

Webhook delivery payload contract (MVP)

{
  "event": {
    "id": "evt_01JQY7Q9K7N6M3P2P8V9XQ2T6H",
    "type": "product.updated",
    "createdAt": "2026-04-04T08:15:00Z"
  },
  "storeId": "store_123",
  "data": {
    "productId": "prod_1"
  }
}

• Idempotency: treat event.id as the de-duplication key across retries.
• Retry visibility: each delivery exposes attempt count, last response, and next scheduled retry in the console.

Node.js verification example

import crypto from "crypto";

function verifySignature(rawBody, signatureHeader, endpointSecret) {
  const digest = crypto
    .createHmac("sha256", endpointSecret)
    .update(rawBody)
    .digest("hex");

  const expected = `sha256=${digest}`;
  return crypto.timingSafeEqual(
    Buffer.from(expected),
    Buffer.from(signatureHeader)
  );
}

Important: use the raw request body for HMAC verification. Parsing and re-stringifying JSON before verification can cause signature mismatches.