# Webhooks

Webhooks are an essential tool for modern applications, allowing for real-time notification of events. Essentially, they operate as user-defined HTTP callbacks triggered by specific events in a service like Digital River. Digital River sends a POST request to the specified endpoint URL when an event occurs, delivering a payload with the event data. This mechanism enables your application to immediately react to various occurrences such as order updates, changes in subscription status, or refunds, ensuring your system stays in sync with the service events. Through the use of webhooks, developers can streamline workflows, enhance user experience, and maintain up-to-date data across systems without the need for polling.

You can use the [Webhook Service](https://help.digitalriver.com/help/gc/Administration/Webhook-Service/Webhook-service.htm) page in [Global Commerce](https://gc.digitalriver.com/gc/ent/login.do) or the [Webhooks API](https://docs.digitalriver.com/commerce-api-references/admin-apis/webhook-management/manage-webhook-events) to [search](/commerce-api/events/webhooks/searching-for-a-webhook.md), [create](/commerce-api/events/webhooks/creating-a-webhook.md), [edit](/commerce-api/events/webhooks/editing-a-webhook.md), [enable](/commerce-api/events/webhooks/enabling-or-disabling-webhooks.md), [disable](/commerce-api/events/webhooks/enabling-or-disabling-webhooks.md), and [delete ](/commerce-api/events/webhooks/deleting-a-webhook.md)webhooks. You can also [reveal ](/commerce-api/events/webhooks/revealing-a-webhooks-secret.md)and [rotate ](/commerce-api/events/webhooks/rotating-a-webhooks-secret.md)webhook secrets. When you register your webhook URLs with Digital River, Digital River creates a data object and sends webhook events that notify your application any time an event occurs. The data object includes the type of event and the data associated with that event.&#x20;

Digital River uses webhooks to notify your application (endpoint URL) when events occur in [Global Commerce](https://gc.digitalriver.com/gc/ent/login.do). A webhook contains the event and timestamp for the event. You can use the Webhooks Service in Global Commerce to [search](/commerce-api/events/webhooks/searching-for-a-webhook.md), [edit](/commerce-api/events/webhooks/editing-a-webhook.md), [create](/commerce-api/events/webhooks/creating-a-webhook.md), and [delete webhooks](/commerce-api/events/webhooks/deleting-a-webhook.md).

## **Webhook ID**

A Webhook ID is a unique identifier assigned to a specific webhook. This ID is crucial for managing webhooks, allowing precise control over operations such as search, edit, enable, disable, and delete. If you need to locate a particular webhook within Digital River's [Global Commerce](https://gc.digitalriver.com/gc/ent/login.do), knowing its Webhook ID will allow you to search for it directly on the Webhook Service page.

## **Endpoint URL**

An endpoint URL is the destination on your server to which Digital River sends webhook events. It's the URL where you receive and process the data payload from an event. The URL must start with `http://` or `https://` and be capable of returning a 2xx HTTP status code to acknowledge as an acknowledgment of event receipt. Failure to acknowledge events with a 2xx HTTP status code over several days may result in the endpoint being disabled by Digital River. It is important to properly configure and maintain your endpoint to ensure continuous reception and handling of webhook events.

## **Secret**

A secret is a unique key that Digital River uses to sign the payloads sent to your endpoint URL. This signature ensures the integrity and security of the data, confirming that the payload has not been tampered with in transit. You can view and change a webhook's secret from your account settings. Using this secret in your endpoint's verification process is crucial for confirming the authenticity of the received payloads.

You can [reveal ](/commerce-api/events/webhooks/revealing-a-webhooks-secret.md)and [rotate ](/commerce-api/events/webhooks/rotating-a-webhooks-secret.md)a webhook's secret in Global Commerce.

### Security practices for webhook data transmission

To ensure the confidentiality and integrity of the data transmitted via webhooks, consider the following practices:

1. **Use HTTPS**: Always use HTTPS for your endpoint URLs to ensure that data in transit is encrypted.
2. **Validate payload signatures**: Implement payload signature verification using the secret provided by Digital River. This confirms the data has not been altered.
3. **Limit retries**: To prevent denial-of-service (DoS) attacks, configure your server to limit retry attempts after unsuccessful deliveries.
4. **IP Safelisting**: If possible, [safelist the IP addresses](/commerce-api/events/webhooks/commerce-api-safelist.md) from which the webhooks originate to ensure you only accept incoming requests from trusted sources.
5. **Logging and monitoring**: Keep detailed logs of incoming webhook traffic and monitor for unusual patterns or failed verification attempts.
6. **Review and rotate secrets regularly**: Review and rotate your webhook secrets in Global Commerce to minimize the risk of unauthorized access.

By adhering to these security practices, you can significantly enhance the safety and reliability of your webhook integrations.

## **Status**

The status of a webhook indicates whether it is active and capable of sending or receiving data payloads. By default, the status is disabled, meaning no events will trigger payloads to be sent to the specified endpoint. You can [enable a webhook](/commerce-api/events/webhooks/enabling-or-disabling-webhooks.md) upon creation or change its status manually anytime afterward.

Enabling a webhook is straightforward and does not require additional confirmation. However, to manually [disable a webhook](/commerce-api/events/webhooks/enabling-or-disabling-webhooks.md), you must confirm this action by entering your case-sensitive username. This safeguard helps prevent accidental or unauthorized changes to your webhook's operational status.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.digitalriver.com/commerce-api/events/webhooks.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.