Xoxoday
  • πŸ““User Resources
    • πŸ‘¨β€πŸ’ΌFor Admins
      • πŸ“ŒGetting Started
        • βš™οΈSettings
          • Manage Super Admin/Admins
            • Hierarchy vs Non-Hierarchy
            • Threshold
            • Delete an Admin
            • Redemption APIs
              • Generic Redemption APIs
              • Oauth 2.0 Implementation for Stores Redemption
          • Platform Preferences
          • Account Verification
        • Types of Companies
      • πŸš€Plum Launch Communication Kit
        • πŸŒ‰Pre-Launch Templates
        • 🀝Introduction to Plum Templates
        • πŸ“ΊHow to Sign up on Plum’s reward storefront Template
        • πŸ“‘How to Bookmark Plum’s reward storefront for easy access Template
        • πŸŽ‰How to Redeem the Rewards on Plum’s Reward Storefront?
      • Xoxo Points
        • πŸ“ŒGetting Started
        • 🚚Distribution of Xoxo-points
        • πŸ“©Email/SMS Customization
        • FAQs
      • Xoxo Codes
        • πŸ“ŒGetting Started
        • 🚚Distribution of Xoxo-codes
        • πŸ“©Email, SMS, and Xoxo Code Campaign Customization
        • FAQs
      • Points vs Codes
      • Xoxo Links
        • πŸ“ŒGetting Started
        • 🚚Distribution of Xoxo-links
        • FAQs
      • Domain Authentication Guide
        • Troubleshooting Domain Authentication
      • πŸ’°Add Funds
        • Base Currency
      • Campaigns
        • Getting Started
        • Editing a campaign?
        • Delete/disabling a Xoxo Campaign?
      • 🏬Reports
      • πŸ’³Prepaid Card User Guide
        • Virtual Paypal International
          • πŸ“ŒGetting Started
          • πŸ“­How to Redeem?
        • Virtual Visa Card
          • πŸ“ŒGetting Started
          • πŸ’³How to Redeem?
      • πŸ”Security and Compliance
        • Cryptography & Encryption
        • Email Whitelisting
        • Governance, Risk, & Data Compliance
        • Application,Dev & Security
        • Cloud Security
        • HR Compliance
        • Identity & Access Management
        • Solution Development
        • Security Operations
        • Training and Awareness
        • Vulnerability and Threat Management
        • Security Operations & Technical Capabilities and Support
        • Data Management
        • Policies & Procedures
        • Tax Compliance
        • Privacy Compliance
        • Cloud Security Alliance
        • Others
        • Documents
          • Data Security
          • Information Security
          • Admin/Business
          • Others
          • Finance Compliance
    • πŸ§‘β€πŸ€β€πŸ§‘For End-Users
      • πŸ“ŒGetting Started
      • πŸ§‘β€πŸ’»Signing up/Logging in
      • πŸͺ™How to redeem?
      • πŸ’³Gift Vouchers
      • 🎁Gift Box Queries
      • 🚚Delivery Related Issues
      • πŸ›‘Cancelation/Refunds
    • πŸ”—Pre-Built Integrations
      • Qualtrics Integration Guide
        • Using Qualtrics Workflow Extension to Send Rewards
        • Public Survey Rewarding
        • Anonymous Survey Rewarding
      • HubSpot + Plum
        • 1-1 Reward Widget in HubSpot
        • Workflow Based Reward Automation
        • 1-Many Link for Xoxolink’s Reward Automation
        • Email based Reward Automation
      • Darwinbox + Plum
      • SurveyMonkey + Plum
        • Public Survey Automation
        • Anonymous Survey Automation
      • Zapier + Plum
      • ActiveCampaign + Plum
        • Creating Automation
      • Salesforce + Plum
        • Getting Started with Xoxoday Plum
        • Getting Started and Setting up Salesforce Integration
        • Sending 1-1 Reward
        • Steps to create a Flow and add a Trigger
        • Redemption Journey for your Recipients
      • Typeform + Plum by Xoxoday
      • Zoho People + Plum
      • SAP Successfactors + Plum
        • SAP Client Registration with Xoxoday for Stores Redemption
      • Decipher - Forsta Integration
      • Zoho CRM
        • Send 1-1 rewards
        • Automation : Workflow Rules
      • Connect Plum to thousands of apps using Zapier
      • Other Integrations
    • πŸ›£οΈProduct Roadmap
      • 2022
      • 2021
  • πŸ‘¨β€πŸ’»Developer Resources
    • Rewards API
      • Getting started
      • API Endpoints
        • Authentication
          • Client ID, Secret ID, and Token Creation
          • Token Management
        • Catalog
          • GetVouchers API
          • GetFilters API
        • Orders
          • PlaceOrder API
          • GetOrderDetails API
          • GetOrderHistory API
        • Account Balance
          • GetBalance API
        • Postman Collection URL
      • Concepts
        • Staging Environment
        • Catalog
        • Error Handling
          • Standard HTTP status code summary
          • Errors related to API
        • Exchange Rates
      • Guides
        • Funding the Account
        • Reporting and Analytics
      • Webhooks
        • Test Webhooks
        • How to implement webhooks?
        • How to secure your webhooks?
      • Forex
      • Best Practices
      • Frequently Asked Questions
    • StoreFront Integration
      • Getting started
      • API Endpoints
        • Authorization
        • Token Creation & Token Management
        • SSO Redirection
        • End Points
      • Concepts
        • Points
      • Guides
        • Funding Account
        • Reports and Analytics
    • Xoxo Link API
    • Roadmap for 2021
  • πŸ“…Release Notes
    • Release April 2023
    • Release March 2023
    • Release February 2023
    • Release December 2022
    • Release October 2022
    • Release September 2022
    • Release July 2022
    • Release May 2022
    • Release March 2022
    • Release February 2022
    • Release December 2021
    • Release November 2021
    • Release October 2021
    • Release September 2021
    • Release July 2021
    • Release May 2021
    • Release March 2021
    • Release December 2020
    • Release October 2020
    • Release September 2020
    • Release August 2020
    • Release June 2020
    • Release May 2020
    • Release April 2020
    • Release March 2020
Powered by GitBook
On this page
  • How to enable the security feature ?
  • Key Pointers
  • Webhook Payload
  • Parameters

Was this helpful?

  1. Developer Resources
  2. Rewards API
  3. Webhooks

How to secure your webhooks?

PreviousHow to implement webhooks?NextForex

Last updated 2 years ago

Was this helpful?

To secure your webhooks we have added the β€œx-api-key” feature which if enabled will help you identify the source of the data. This adds an extra layer of security to your webhooks.

How to enable the security feature ?

To enable this feature,

  1. You have to click on the toggle button of β€œ Add Custom Header β€œ to enable the header.

  2. You will be shown a field to enter the x-api-key value which is recommended to have alphanumeric and between 13 - 60 characters.

  3. Post updating the x-api-key value, Click on β€œUpdate Webhook” button and the x-api-key will be saved.

  4. If any orders placed post the changes, you will receive the webhook payload with the x-api-key value in the header.

Incase, if you want to change / edit the x-api-key value,

  • You can click on the β€œ Enter x-api-key β€œ field and make the changes

  • Then you have to click on β€œ Update Webhook ” and the new x-api-key will then be saved, which will be added with the payload.

Key Pointers

  • The x-api-key value has to be alphanumeric.

  • The x-api-key value has to be between 13 - 60 characters.

Webhook Payload

x-api-key: a1p2z5b7v68b9112234

{
    'id': orderID<Number(20)>,
    'data': {
                'orderId': <Number(11)>,
                'poNumber': <String(100)>,
                'orderDate': <String(19)>,
                'deliveryStatus': <String(9)[Delivered|Canceled]>
            },
             'createdAt': <String(19)>
}
Legend: <DataType(size)>

Parameters

Parameter Name
Type
Description

x-api-key

String (60)

x-api-key in the header to identify the source

ID

Integer (20)

Unique Webhook ID to identify that the webhook is thrown

Order ID

Integer (11)

Unique Xoxo Order ID whenever an order is placed via the Plum API

PO number

String (100)

PoNumber if provided by the client while placing an order

OrderDate

String (19)

Date when an order is placed

Delivery Status

String (9)

Order delivery status. Can be delivered or canceled

CreatedAt

String (19)

When callback was invoke

πŸ‘¨β€πŸ’»