Webhooks
Alguna provides webhooks to notify you about events that happen in your account. Webhooks are a way to receive real-time notifications when an event occurs in Alguna. Webhooks are particularly useful for asynchronous events like when a new customer is created, a quote is activated, or an invoice is paid.
Format
Alguna follows the Standard Webhooks specification for its webhooks. The payload of the webhook will be a JSON object with the following structure:
{
"type": "invoice.issued",
"timestamp": "2024-08-03T20:26:10.344522Z",
"data": {
"id": "someid",
...
}
}
type- The type of event that occurred. The type will be a string that represents the event that occurred. For example,invoice.paid,quote.activatedtimestamp- The time at which the event occurred in RFC 3339 format.data- The data associated with the event. This will be a specific shape of object, depending on the event type.
Objects
Invoice
{
"id": "ZVzWRFnt",
"accountId": "aBsZxlLh",
"currency": "USD",
"description": "Platform subscription",
"billingPeriodStart": "2024-08-01T00:00:00Z",
"billingPeriodEnd": "2024-08-29T23:59:59Z",
"status": "processing",
"total": "200.00",
"createdAt": "2024-01-24T16:36:52.78883Z",
"updatedAt": "2024-01-26T19:30:37.734294Z"
}
Supported Events
Currently, Alguna supports the following events:
invoice.issued- Sent when an invoice is issued. Returns the invoice object.invoice.paid- Sent when an invoice is paid. Returns the invoice object.
Example
Combining the Standard Webhooks specification above, alongside the Invoice object, gives us the complete payload:
{
"type": "invoice.issued",
"timestamp": "2022-11-03T20:26:10.344522Z",
"data": {
"id": "ZVzWRFnt",
"accountId": "aBsZxlLh",
"currency": "USD",
"description": "Platform subscription",
"billingPeriodStart": "2024-02-01T00:00:00Z",
"billingPeriodEnd": "2024-02-29T23:59:59Z",
"status": "processing",
"total": "200.00",
"createdAt": "2024-01-24T16:36:52.78883Z",
"updatedAt": "2024-01-26T19:30:37.734294Z"
}
}
Responding to Webhooks
The way to indicate that a webhook has been processed is by returning a 2xx (status code 200-299) response to the webhook message within a reasonable time-frame (15s). It’s also important to disable CSRF protection for this endpoint if the framework you use enables them by default.
Verifying Webhooks
Webhook signatures is your way to verify that webhook messages are sent by us. For a more detailed explanation, check out this article on why you should verify webhooks.
Authenticating webhook signatures
To verify your webhooks, you will need to use the secret key that is provided in your account settings, along with headers and the payload that was sent to you.
Our webhook partner Svix offers a set of useful libraries that make verifying webhooks very simple. Here is a an example using Javascript:
import { Webhook } from "svix";
const secret = "whsec_MfKQ9r8GKYqrTwjUPD8ILPZIo2LaLaSw";
// These were all sent from the server
const headers = {
"svix-id": "msg_p5jXN8AQM9LWM0D4loKWxJek",
"svix-timestamp": "1614265330",
"svix-signature": "v1,g0hM9SsE+OTPJTGt/tmIKtSyZlE3uFJELVlNIOLJ1OE=",
};
const payload = '{"test": 2432232314}';
const wh = new Webhook(secret);
// Throws on error, returns the verified content on success
const payload = wh.verify(payload, headers);
IP Whitelist
In case your webhook receiving endpoint is behind a firewall or NAT, you may need to allow traffic from Svix’s IP addresses.
52.215.16.239
54.216.8.72
63.33.109.123
Retries
We attempt to deliver each webhook message based on a retry schedule with exponential backoff. Each message is attempted based on the following schedule, where each period is started following the failure of the preceding attempt:
- Immediately
- 5 seconds
- 5 minutes
- 30 minutes
- 2 hours
- 5 hours
- 10 hours
- 10 hours (in addition to the previous)
Disabling failing endpoints
If all attempts to a specific endpoint fail for a period of 5 days, the endpoint will be disabled.