Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forย 
Search instead forย 
Did you mean:ย 

Include account identifier in Webhook

TessaW
First-timer

2 weeks ago

Hello! I'm new to ShipStation but not API integrations. I'm working with a client to track fulfillments and so using webhooks to ping my endpoint, however, there doesn't seem to be any kind of identifier for which account and/or store sent the webhook!

I'm creating mine in a modular way so that it could be used by multiple clients and after finding out that WebHooks in v2 aren't technically ready and still required to use v1 webhooks. With v1, the only unique headers I've found are 

`X-ShipEngine-Timestamp`, `X-ShipEngine-RSA-SHA256-Signature`, and `X-ShipEngine-RSA-SHA256-Key-ID` and then the body just has the resource type and URL. So what I'm trying to do is, when I get the request, do a database lookup to see which client/account the webhook belongs to so I know which credentials to use for authorization to then get the information from the resource URL. If my whole app belonged to the client, then sure, or if the endpoint was unique to the client, then okay, but due to the modularity of it, it's a generic endpoint.
 
Ideally, there would be something like `X-ShipEngine-Webhook-ID` in the headers with the webhook's ID as the value. At least then I can match it up with the ID saved in the database from when I created it. Bonus if the headers also included `X-ShipEngine-API-Version` set to 1 or 2 so that my app doesn't have to do the guesswork. With Shopify's webhooks, it includes the shop's domain, e.g. "https://{account_id}.myshopify.com", in the `X-Shopify-Shop-Domain` header so I can identify the client accounts with that, but I have nothing for ShipStation. My current workaround is hashing the client ID assigned in my app and automatically appending it as a query parameter in the endpoint when I create it, but like I said before, it's not ideal, because then it means all clients will need a unique endpoint URL for identification.
 
While I did start with v2, I was able to set custom headers in the creation request so that was nice. Can pass my nonce values and all sorts of good stuff for verification. So at least v2 will be good when it launches ๐Ÿ™‚
 
Thanks!
Labels:
0 Kudos
1 REPLY 1

CaraAdmin
Khoros

a week ago

Hello @TessaW!

First, welcome to the Community! We're so glad you're here. This space is an excellent resource for finding answers, sharing feedback, and suggesting new product featuresโ€”we hope you find it helpful and inspiring!

 

According to the development team, we will release additional webhooks this year. As soon as I have more information, I will happily update the community! 

 

I appreciate your patience!

 

Happy Shipping!

-Cara

0 Kudos