How to secure your webhooks?

To secure your webhooks we have added the “x-api-key” feature which if enabled will help you identify the source of the data. This adds an extra layer of security to your webhooks.

How to enable the security feature ?

To enable this feature,

1. You have to click on the toggle button of “ Add Custom Header “ to enable the header.

2. You will be shown a field to enter the x-api-key value which is recommended to have alphanumeric and between 13 - 60 characters.

3. Post updating the x-api-key value, Click on “Update Webhook” button and the x-api-key will be saved.

4. If any orders placed post the changes, you will receive the webhook payload with the x-api-key value in the header.

Incase, if you want to change / edit the x-api-key value,

• You can click on the “ Enter x-api-key “ field and make the changes

• Then you have to click on “ Update Webhook ” and the new x-api-key will then be saved, which will be added with the payload.

Key Pointers

• The x-api-key value has to be alphanumeric.

• The x-api-key value has to be between 13 - 60 characters.

Webhook Payload

x-api-key: a1p2z5b7v68b9112234

{
    'id': orderID<Number(20)>,
    'data': {
                'orderId': <Number(11)>,
                'poNumber': <String(100)>,
                'orderDate': <String(19)>,
                'deliveryStatus': <String(9)[Delivered|Canceled]>
            },
             'createdAt': <String(19)>
}
Legend: <DataType(size)>

Parameters

Parameter Name	Type	Description
x-api-key	String (60)	x-api-key in the header to identify the source
ID	Integer (20)	Unique Webhook ID to identify that the webhook is thrown
Order ID	Integer (11)	Unique Xoxo Order ID whenever an order is placed via the Plum API
PO number	String (100)	PoNumber if provided by the client while placing an order
OrderDate	String (19)	Date when an order is placed
Delivery Status	String (9)	Order delivery status. Can be delivered or canceled
CreatedAt	String (19)	When callback was invoke