Skip to main content

Webhooks

In the Lochting software, webhooks are automated notifications that send real-time event data to an external URL when something changes on the platform.

How it works

When a webhook is triggered, the platform sends a POST request to the URL you configured. The request body is a JSON payload with data relevant to the event.

Example payload:

{
"id": "order-76db8ac0-2d3a-45fc-956a-da4525361492",
"webhookId": "webhook-be3768e4-8caf-43b6-bb66-32c8cb00cede",
"webhookType": "orderStatusWasUpdated",
"on": "2020-02-25 10:20:30"
}

The on field in webhook payloads uses a space-separated datetime string. Other API date-time fields use ISO 8601 UTC strings (for example 2020-02-25T10:20:30+00:00).

Managing webhooks

Through the API you can create, list, delete, and test webhooks. Your API key must include the webhooks scope.

Use the Test Webhook endpoint during development to verify your endpoint receives and handles payloads correctly.

Security

For increased security, configure an optional secret per webhook. When set, the secret is sent with every call in the X-Webhook-Secret request header. Verify this header in your handler to ensure the request originated from Lochting.