Creating a webhook

You can create a webhook to send notifications in five easy steps.

1. Open your firewall to trusted Digital River IP addresses

2. Create a webhook endpoint

3. Create webhooks

4. Respond to webhook events

5. Check signatures

Step 1: Open your firewall to trusted Digital River IP addresses

To receive webhook notifications from Digital River, you must open your firewall to all the IP addresses listed in the Digital River safelist.

Step 2: Create a webhook endpoint

You can send webhook data as JSON in the POST request body. The POST request body contains the complete event details, which you can use after parsing the JSON into an Event object.

Step 3: Create webhooks

When creating a webhook from the Digital River Dashboard, you need to determine the type of authentication you want to use (either none, basic, or OAuth) and add the endpoint.

Create a webhook requiring basic authentication

1. From the Webhooks page, click Create Webhook. Note: An event triggers a webhook to notify you. The Create webhook page lists and describes the available events.
2. Toggle Disabled to Enabled.

3. If required, select the API version you want to associate with events from the API Version dropdown list. By default, the confidential key version is selected.
4. Click HTTP for the Authentication method and complete the Username and Password fields.
5. Enter the URL for the endpoint in the Endpoint URL field.

6. Select the checkbox next to each event you want to associate with the endpoint, or select the Events Selected checkbox to select all events. At least one event type must be selected.

7. Scroll down and click Save.

Create a webhook requiring OAuth authentication

1. From the Webhooks page, click Create Webhook.
2. Toggle Disabled to Enabled.

3. If required, select the API version you want to associate with events from the API Version dropdown list. By default, the confidential key version is selected.
4. Click OAuth for the Authentication method.
5. Select one of the following options from the Grant type drop-down list and complete the associated fields.
6. Select the checkbox next to each event you want to associate with the endpoint or select the Events Selected checkbox to select all events. At least one event type must be selected.

7. Scroll down and click Save.

Step 4: Respond to webhook events

Your endpoint must return a 2xx HTTP status code to acknowledge the receipt of an event. If it fails to acknowledge events for several days, it will be disabled.

If Digital River receives any response codes outside this range, it indicates that you did not receive the event. For example, Digital River treats a URL redirection as a failure.

Once you have verified your endpoint can receive, acknowledge, and handle events correctly:

1. Toggle from Test to Production in the Dashboard.

2. Go through the same configuration steps again to configure an endpoint for your production integration.

The signing token is unique to each data mode if you're using the same endpoint for both test and production modes.

Step 5: Check signatures

To verify signatures, you must retrieve your endpoint's token from the Dashboard's Webhook settings. To see an endpoint's token:

1. From the Webhooks page on the Dashboard, click the Reveal secret token associated with the endpoint you want to verify.

2. Provide your credentials and click Authenticate. The Token field under Signing secret will display the token.

See Digital River signature for more information.