Timeouts and Retries for Webhooks

Connection timeout: 3 seconds
Response timeout: 15 seconds
Retries: Automatic retries are performed for failed deliveries based on retry schedule with exponential backoff over ca. 24 hours
Logs: Failed webhooks are logged and can be monitored

Monitoring Webhook Logs

View Webhook Logs

GET /api/webhooks/{webhook_id}/logs

View Specific Log Entry

GET /api/webhooks/logs/{webhookLog_id}

These endpoints allow you to monitor webhook delivery status, debug failures, and track retry attempts.

Webhook Security

Verifying Webhook Authenticity

Always verify incoming webhooks using the Rackbeat-Webhook-Token header:

$receivedToken = $_SERVER['HTTP_RACKBEAT_WEBHOOK_TOKEN'];
$expectedToken = 'your_stored_webhook_token';

if (!hash_equals($expectedToken, $receivedToken)) {
    http_response_code(401);
    exit('Unauthorized');
}

Best Practices

Store tokens securely: Never expose webhook tokens in client-side code
Validate payloads: Always validate the structure and content of incoming webhooks
Handle idempotency: The same event might be delivered multiple times
Respond quickly: Return a 2xx status code as quickly as possible
Process asynchronously: Queue webhook processing for heavy operations

Suppressing Webhooks

If you need to perform operations without triggering webhooks (e.g., during data imports), you can suppress them:

Query Parameter

POST /api/orders?suppress_webhooks=true

Request Body

{
  "suppress_webhooks": true,
  "name": "Test Order"
}

Error Handling

Common HTTP Status Codes

Code	Description
201	Webhook created successfully
200	Webhook retrieved/updated successfully
400	Invalid request parameters
401	Authentication required
403	Access denied
404	Webhook not found
422	Validation errors