The v2024-01-01 webhook version can be used to inform your system about various events that are triggered in Voucherify. The v2024-01-01 webhooks work for distributions and events listed in the Project settings.
The v2024-01-01 webhooks (both for distributions and project settings) share the same data structure, consisting of the following keys:
idproject_idcreated_attypedatasourceevent
The values for the type and data depend on the event that triggers the webhook. Go to Project Setting Webhook Payload and Distribution Webhook Payload to learn more about their payloads.
Configuring v2024-01-01 Webhooks
- In Voucherify dashboard, go to Project settings.
- Scroll down to the Webhooks section.
- Click the plus button – Add new webhook.
- Choose v2024-01-01 webhook version.
- Provide the following details:
- Enter the target URL.
- Tick the Is active? checkbox.
- Select the events you want to receive. If you want to receive all the events, choose Send me all events option.
- Click Send test webhook to test your configuration (optional).
- Click Create endpoint.
- If necessary for authentication reasons, enter the Secret key in your system to receive webhooks from Voucherify.
You can add multiple webhooks to your projects following the steps above.
To update webhook details, click the Pencil button – edit. Enter your changes and click Update endpoint.
To delete a webhook, click the Trash button and click Delete.
Get Notified About Failed Sendouts
You can set up notifications to inform you via email or in the app that a webhook did not reach the destination.
Go to the Notification Center > Account Settings and scroll down to Webhook callout notifications to configure notifications.
Audit log
You can check details about a webhook sendout. In Voucherify dashboard, go to Audit log and Webhook sendouts tab.
The Audit Log includes the following details:
- Webhook status
- Webhook type
- Webhook ID
- Source
- Target URL
- Request ID
- Event created at
- Executed at
- Complete webhook data (three dot menu on the right > Show data)
You can also send a failed webhook again. Go to the three dot menu on the right > Retry.
Responding to Webhooks
Voucherify expects your webhook to return a response with a 2XX HTTP status code, indicating that the webhook has been received successfully. If a webhook is not successfully received for any reason, Voucherify will continue trying to send the webhook in the following intervals:
| Re-try No. | Time since the initial attempt | Interval to next re-try |
|---|---|---|
| 1 | 1 min | 1 min |
| 2 | 2 min | 2 min |
| 3 | 4 min | 4 min |
| 4 | 8 min | 8 min |
| 5 | 16 min | 16 min |
| 6 | 32 min | 32 min |
| 7 | 1 h 4 min | 1 h 4 min |
| 8 | 2 h 8 min | 2 h 8 min |
| 9 | 4 h 16 min | 4 h 16 min |
| 10 | 8 h 32 min | 8 h 32 min |
| 11 | 17 h 4 min | 17 h 4 min |
| 12 | 24 h | Final re-try |
Latency
Your endpoint must return a response in under 10 seconds; otherwise, it will be considered an error.
What happens after the 12th try?
- Project-level webhooks that are set in Project Settings are disabled after 12 unsuccessful tries.
- Distribution-based webhooks that are set up as channels in the Distributions manager are paused after 12 unsuccessful tries.
Re-Enabling a Webhook
Project-Level Webhook
To re-enable a disabled webhook:
- In the Project Settings, go to the General tab.
- Scroll down to the Webhooks section.
- Edit the specific Webhook.
- Click Is active.
- Click Update endpoint.
Distribution-Based Webhook
To re-enable a paused webhook:
- Go to the Distribution Manager.
- Click the distribution that has been paused.
- Click the set live icon in the upper right corner.
Authentication
Once your server is configured to receive payloads, it will listen for any payload sent to the endpoint you configured. For security reasons, you may want to limit requests to those coming from Voucherify. To do so, you should copy a secret token and validate the information.
You can generate a secret key in the Project Settings in the Webhooks section.
Each webhook sent from Voucherify contains the x-voucherify-signature of the webhook in the header field.
Then, you can validate the signature by reconstructing it and comparing it to the one sent in the webhook header field.
Reconstruct it using the keyed-hash message authentication code HMAC. It is built with the cryptographic hash function sha256 and the secret cryptographic key taken from the Project settings.
See the following examples for Java and the verifySignature method in the NodeJS SDK.
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
class HelloWorld {
public static void main(String[] args) throws InvalidKeyException, NoSuchAlgorithmException {
byte[] secretKey = "secretKey".getBytes(StandardCharsets.UTF_8);
// when payload is JSON object - whitespaces must be removed
String signature1 = "a17d2ac229d1ebbb5f10e839c7985c4818e5986eab297f7e5979196d4d7d3ed2";
System.out.println(verifySignature(removeWhitespaces("{\n \"a\": 1\n}"), signature1, secretKey));
System.out.println(verifySignature(removeWhitespaces("{\"a\":1}"), signature1, secretKey));
String signature2 = "f7cf97814a03146abedb9793f56e1dec34f618f82d10395310d053f749483ffb";
System.out.println(verifySignature(removeWhitespaces("{\n \"a\\\"b\": 1\n}"), signature2, secretKey));
// when payload is directly a String
String signature3 = "53ff92957e1427ce23ad5bda9d0c5f2f4ff384d0806b83eeacb510c842d3a358";
System.out.println(verifySignature(" message ", signature3, secretKey));
}
public static String removeWhitespaces(String json) {
boolean quoted = false;
boolean escaped = false;
String out = "";
for (Character c : json.toCharArray()) {
if (escaped) {
out += c;
escaped = false;
continue;
}
if (c == '"') {
quoted = !quoted;
} else if (c == '\\') {
escaped = true;
}
if (Character.isWhitespace(c) &! quoted) {
continue;
}
out += c;
}
return out;
}
public static boolean verifySignature(String payload, String signature, byte[] secretKey) throws InvalidKeyException, NoSuchAlgorithmException {
Mac mac = Mac.getInstance("HmacSHA256");
mac.init(new SecretKeySpec(secretKey, "HmacSHA256"));
byte[] hash = mac.doFinal(payload.getBytes(StandardCharsets.UTF_8));
String generatedSignature = bytesToHex(hash);
return generatedSignature.equals(signature);
}
private static String bytesToHex(byte[] bytes) {
StringBuilder sb = new StringBuilder(bytes.length * 2);
for (byte b : bytes) {
sb.append(String.format("%02x", b));
}
return sb.toString();
}
}
const crypto = require('crypto')
verifySignature: function (signature, message, secretKey) {
return crypto.createHmac('sha256', secretKey)
.update(isString(message) && message || JSON.stringify(message))
.digest('hex') === signature
}
IP Whitelisting
When Voucherify sends a webhook, the Voucherify servers make network requests to tenants’ or third parties’ servers.
To add an additional layer of security, you can do IP whitelisting. This mechanism verifies if webhook requests come from Voucherify.
Voucherify sends webhooks from the IP ranges below. Add all three addressses for your instance.
| Instance | IP |
|---|---|
| eu1 | 34.247.197.22 63.32.191.141 52.215.148.84 |
| us1 | 100.25.106.67 18.209.236.215 34.192.255.99 |
| as1 | 52.76.98.82 54.169.8.101 13.214.87.160 |
Webhooks Available in Project Settings
These webhooks are triggered by the events listed in the Project settings.
The following events can send a webhook:
- Redemption events:
- Publication event:
- Customer events:
- Voucher events:
- Campaign events:
- Promotion tier events:
- Business validation rule events:
Project Setting Webhook Payload
| Attributes | Description | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
idstring | Unique identifier of the sendout for this webhook. Example:whs_0e16e42bc6e0c65b57 | ||||||||||||||||||||||||||||
project_idstring | Unique identifier of the Voucherify project. Example:proj_5T4Rpl4T1nuM | ||||||||||||||||||||||||||||
created_atstring | The exact moment when the webhook was created. Example:2024-01-01T11:11:11.111Z | ||||||||||||||||||||||||||||
typestring | Name of the event that triggerered the webhook sendout. Available values:business_validation_rule.assignment.created, business_validation_rule.assignment.deleted, business_validation_rule.created, business_validation_rule.deleted, business_validation_rule.updated, campaign.created, campaign.deleted, campaign.disabled, campaign.enabled, campaign.updated, campaign.promotion_tier.created, campaign.promotion_tier.deleted, campaign.promotion_tier.disabled, campaign.promotion_tier.enabled, campaign.promotion_tier.updated, campaign.vouchers.generation.completed, customer.created, customer.deleted, customer.rewarded, customer.rewarded.loyalty_points, publication.succeeded, redemption.failed, redemption.rollback.failed, redemption.rollback.succeeded, redemption.succeeded, voucher.created, voucher.deleted, voucher.disabled, voucher.enabled, voucher.gift.balance_added, voucher.gift.transaction.created, voucher.loyalty_card.points_added, voucher.loyalty_card.points_expired, voucher.loyalty_card.transaction.created, voucher.published, voucher.updated | ||||||||||||||||||||||||||||
dataobject | Payload depends on the event that triggered the webhook sendout. Project settings cover the following events:
| ||||||||||||||||||||||||||||
sourceobject | Contains details about the source of the webhook sendout.
| ||||||||||||||||||||||||||||
eventobject | Contains other data of the event that triggered the sendout.
|
Webhooks Available in Distributions
These webhooks are triggered by the events which cause distribution.
Some distribution events, e.g. Customer entered segment, have different purposes:
- Notify customers about promotion
- Send and publish unique codes from campaign
- Send plain message to customers
Distribution Webhooks
Learn more about configuring distribution webhooks from the Webhook distributions article.
The documentation of these events contains data for all purposes. The objects which are shared between the purposes are marked as required. The objects which appear only for specific purposes are respectively described.
- Segment related activities:
- Manual messages:
- Notify customers about promotion – covered by the MANUAL_DISTRIBUTION_SCHEDULE event
- Send and publish unique codes from a campaign – covered by the MANUAL_DISTRIBUTION_SCHEDULE event
- Send a plain message to customers – does not support webhooks as a distribution channel
- Cart related activities:
- Campaigns with codes:
- Voucher related activities:
- Customer related activities:
- Custom event
- Reward redeemed
- Customer was referred
- Loyalty tier related activities:
Campaign Distributions – Notifications
The following campaigns can also trigger webhook sendouts as a distribution:
- Loyalty campaigns:
- Referral campaigns:
- Send referral code to the referrer
- Customer referred (documentation in progress)
Distribution Webhook Payload
| Attributes | Description | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
idstring | Unique identifier of the sendout for this webhook. Example:whs_0e16e42bc6e0c65b57 | ||||||||||||||||||||||||||||
project_idstring | Unique identifier of the Voucherify project. Example:proj_5T4Rpl4T1nuM | ||||||||||||||||||||||||||||
created_atstring | The exact moment when the webhook was created. Example:2024-01-01T11:11:11.111Z | ||||||||||||||||||||||||||||
typestring | Displays the name entered in the | ||||||||||||||||||||||||||||
dataobject | Payload depends on the event that triggered the webhook sendout. Distributions cover the following events:
| ||||||||||||||||||||||||||||
sourceobject | Contains details about the source of the webhook sendout.
| ||||||||||||||||||||||||||||
eventobject | Contains other data of the event that triggered the sendout.
|