# Creating a webhook You can create a webhook to send notifications in five easy steps. 1. [Open your firewall to trusted Digital River IP addresses](#step-1-open-your-firewall-to-trusted-digital-river-ip-addresses) 2. [Create a webhook endpoint](#step-2-create-a-webhook-endpoint) 3. [Create webhooks](#step-3-create-webhooks) 4. [Respond to webhook events](#step-4-respond-to-webhook-events) 5. [Check signatures](#step-5-check-signatures) ## Step 1: Open your firewall to trusted Digital River IP addresses To receive webhook notifications from Digital River, you must open your firewall to all the IP addresses listed in the [Digital River safelist](/digital-river-api/order-management/events-and-webhooks-1/webhooks/digital-river-safelist.md). ## Step 2: Create a webhook endpoint You can send webhook data as JSON in the POST request body. The POST request body contains the complete event details, which you can use after parsing the JSON into an [Event ](https://docs.digitalriver.com/digital-river-api-reference/2021-12-13/events)object. ## Step 3: Create webhooks When creating a webhook from the Digital River Dashboard, you need to determine the type of authentication you want to use (either none, [basic](/digital-river-api/order-management/events-and-webhooks-1/webhooks/creating-a-webhook.md#http-transport-type), or [OAuth](/digital-river-api/order-management/events-and-webhooks-1/webhooks/creating-a-webhook.md#oauth-transport-type)) and add the endpoint. ### Create a webhook requiring basic authentication 1. From the Webhooks page, click **Create Webhook**.\ \ **Note:** An event triggers a webhook to notify you. The Create webhook page lists and describes the available events.

2. Toggle **Disabled** to **Enabled**. 3. If required, select the API version you want to associate with events from the **API Version** drop-down list. By default, the confidential key version is selected.

4. Click **HTTP** for the **Authentication method** and complete the **Endpoint URL**, **Username**, and **Password** fields.

5. Enter the URL for the endpoint in the **Endpoint URL** field. 6. You can select the checkbox next to each event you want to associate with the endpoint or the **Events Selected** checkbox to select all events. At least one event type must be selected. 7. Scroll down and click **Save**. ### Create a webhook requiring OAuth authentication 1. From the Webhooks page, click **Create Webhook**.

2. Toggle **Disabled** to **Enabled**. 3. If required, select the API version you want to associate with events from the **API Version** dropdown list. By default, the confidential key version is selected.

4. Click **OAuth** for the **Authentication method**.

5. Select one of the following options from the Grant type drop-down list and complete the associated fields.

* **Password**\ ![](/files/LTXxMnkLzfiSJ0e9KwrM) * **Client credentials**\ \ ![](/files/DDWXPHisjvDYMNv9P03E) 6. You can select[ the checkbox next to each event](/digital-river-api/order-management/events-and-webhooks-1/events-1/event-types.md) you want to associate with the endpoint or select the **Events Selected** checkbox to select [all events](/digital-river-api/order-management/events-and-webhooks-1/events-1/all-event-types.md). At least one event type must be selected. 7. Scroll down and click **Save**. ## Step 4: Respond to webhook events Your endpoint must return a `2xx` HTTP status code to acknowledge the receipt of an [event](/digital-river-api/order-management/events-and-webhooks-1/events-1/all-event-types.md). If it fails to acknowledge events for several days, it will be disabled. You did not receive the event if Digital River receives **any** [response codes](https://docs.digitalriver.com/digital-river-api-reference#response-status-codes) outside this range. For example, Digital River treats a URL redirection as a failure. Once you have verified your endpoint can receive, acknowledge, and handle events correctly: 1. Toggle from **Test** to **Production** in the Dashboard. 2. Go through the same configuration steps again to configure an endpoint for your production integration. The signing token is unique to each data mode if you use the same endpoint for both test and production modes. ## Step 5: Check signatures To verify signatures, you must retrieve your endpoint's token from the [Digital River Dashboard's](https://dashboard.digitalriver.com/a) Webhook settings. To see an endpoint's token: 1. From the Webhooks page on the Dashboard, click the **Reveal secret** token associated with the endpoint you want to verify. 2. Provide your credentials and click **Authenticate**. The **Token** field under **Signing secret** will display the token. See [Digital River signature](https://github.com/DigitalRiver/GitBook/blob/Digital-River-API/administration/dashboard/developers/webhooks/broken-reference/README.md) for more information. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.digitalriver.com/digital-river-api/administration/dashboard/developers/webhooks/creating-a-webhook.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.