Webhooks

Webhooks allow your app to stay up to date with changes or respond to events in Whatnot. During the development preview, we support a growing set of event topics — each is documented on its own page in this section, and more may be added over time.

Webhooks will be sent from Whatnot via an HTTP POST request with the following body:

The Webhook will also include Whatnot-specific headers:

To validate the Webhook, you must verify the X-Whatnot-Webhook-Signature header. The signature is calculated using the HMAC SHA256 algorithm with the request body and your app's webhook key. The webhook secret key will be provided to you by a Whatnot representative.

The POST request must be responded to with HTTP Status 200 OK. When a different code is received, the Webhook Event will attempt to retry up to 5 times over the next approximate 10 minutes.

During the preview period, please reach out to [email protected] to subscribe to a webhook. In your request, include your App ID, the URL that will receive POST requests, and the topic to subscribe to.

Some webhook fields contain customer or shipping data — shipping_address , tracking_info , and label_url . These are only populated for apps granted the read_customers scope. Without that scope the fields are omitted or null .

Monetary fields are objects with a string amount and an ISO 4217 currency code: