Webhooks let you monitor updates to charges associated with your account. You might use webhooks to update a database record when a payment succeeds, or to email a customer when a payment has been confirmed. The Commerce API sends webhook events whenever a charge is created, confirmed, or fails.

Subscribing to a Webhook

Navigate to your Settings page within Coinbase Commerce. Add an endpoint to the Webhook subscriptions section. Click Add an endpoint to add the URL where you’d like to receive webhooks. You will be prompted to enter the endpoint URL (https only) where you would like to receive webhooks. You can choose to be notified of all events or only the subset you care about.

Receiving Webhook Notifications

Before sending your webhook data, Commerce validates that the connection to your service is secure. For this to work, your server must be correctly configured to support https.

Responding to a Webhook

Your endpoint should respond with a 200 HTTP status code to acknowledge receipt of a webhook. If there is no acknowledgement of receipt, we retry with an exponential backoff for up to three days. The maximum retry interval is 1 hour.

Checking Signatures

Commerce signs every webhook event it sends to your endpoints. The signature is included as a X-CC-Webhook-Signature header. This header contains the SHA256 HMAC signature of the raw request payload, computed using your webhook shared secret as the key. You can find your shared webhook secret in settings. Always verify the webhook signature before acting on it inside your system.
See Also: