Creating a webhook

You can create a webhook to send notifications in five easy steps.

1. Open your firewall to trusted Digital River IP addresses

2. Create a webhook endpoint

3. Create webhooks

4. Respond to webhook events

5. Check signatures

Step 1: Open your firewall to trusted Digital River IP addresses

To receive webhook notifications from Digital River, you'll need to open your firewall to all the IP addresses listed in the Digital River safelist.

Step 2: Create a webhook endpoint

You can send webhook data as JSON in the POST request body. The POST request body contains the complete event details, and you can use it after parsing the JSON into an Event object.

Step 3: Create webhooks

When creating a webhook from the Digital River Dashboard, you need to determine the type of authentication you want to use (either, none, basic, or OAuth) and add the endpoint.

Create a webhook requiring basic authentication

1. From the Webhooks page, click Create Webhook. Note: An event triggers a webhook to send a notification to you. The Create webhook page lists and describes the available events.
2. Toggle Disabled to Enabled.

3. If required, select the API version you want to associate with events from the API Version dropdown list. By default, the confidential key version is selected.
4. Click HTTP for the Authentication method and complete the Username and Password fields.
5. Enter the URL for the endpoint in the Endpoint URL field.

6. Select the check box next to each event you want to associate with the endpoint or select the Events Selected check box to select all events. At least one event type must be selected.

7. Scroll down and click Save.

Create a webhook requiring OAuth authentication

1. From the Webhooks page, click Create Webhook.
2. Toggle Disabled to Enabled.

3. If required, select the API version you want to associate with events from the API Version dropdown list. By default, the confidential key version is selected.
4. Click OAuth for the Authentication method.
5. Select one of the following options from the Grant type drop-down list and complete the associated fields.
6. Select the check box next to each event you want to associate with the endpoint or select the Events Selected check box to select all events. At least one event type must be selected.

7. Scroll down and click Save.

Step 4: Respond to webhook events

Your endpoint must return a 2xx HTTP status code to acknowledge the receipt of an event. If the endpoint fails to acknowledge events over several days, your endpoint will be disabled.

If Digital River receives any response codes outside this range, it indicates that you did not receive the event. For example, Digital River treats a URL redirection as a failure.

Once you have verified your endpoint can receive, acknowledge, and handle events correctly:

1. Toggle from Test to Production in the Dashboard.

2. Go through the same configuration steps again to configure an endpoint for your production integration.

If you're using the same endpoint for both test and production modes, the signing token is unique to each data mode.

Step 5: Check signatures

To verify signatures, you need to retrieve your endpoint's token from the Dashboard's Webhook settings. To see an endpoint's token:

1. From the Webhooks page on the Dashboard, click the Reveal secret token associated with the endpoint you want to verify.

2. Provide your credentials and click Authenticate. The Token field under Signing secret will display the token.

See Digital River signature for more information.