Webhooks API
Receive real-time notifications for events in your account
/webhooks/webhooks/webhooks/{id}/webhooks/{id}/webhooks/{id}/webhooks/{id}/testThe Webhook Object
| Field | Type | Description |
|---|---|---|
| id | string | Unique webhook identifier |
| name | string | Display name for the webhook |
| url | string | HTTPS endpoint to receive events |
| events | array | List of subscribed event types |
| active | boolean | Whether webhook is enabled |
| secret | string | Signing secret (shown once on creation) |
| createdAt | string | ISO 8601 creation timestamp |
| updatedAt | string | ISO 8601 last update timestamp |
Available Event Types
order.createdNew order placedorder.updatedOrder details changedorder.shippedOrder shipped with trackingorder.deliveredOrder marked as deliveredorder.cancelledOrder was cancelledorder.refundedOrder was refundedinventory.low_stockItem below reorder pointinventory.out_of_stockItem out of stockinventory.updatedInventory levels changedcommission.approvedCommission approved for payoutcommission.paidCommission paid outproduct.createdNew product addedproduct.updatedProduct details changedproduct.discontinuedProduct marked discontinuedCreate a Webhook
/webhooksCreate a new webhook subscription. The signing secret is only returned once during creation.
Store your secret securely
The webhook secret is only shown once when creating the webhook. Store it securely in your environment variables.
curl -X POST "https://gateway.regentherapy.com/api/v1/webhooks" \
-H "X-API-Key: rg_your_api_key" \
-H "Content-Type: application/json" \
-d '{
"name": "Order Notifications",
"url": "https://your-server.com/webhooks/regen",
"events": ["order.created", "order.shipped", "order.delivered"],
"active": true
}'Webhook Payload Format
All webhook events follow a consistent format with event metadata and the associated data.
{
"id": "evt_xyz789",
"type": "order.shipped",
"createdAt": "2024-01-20T15:30:00Z",
"data": {
"orderId": "ord_abc123",
"orderNumber": "ORD-2024-0001",
"status": "SHIPPED",
"trackingNumber": "1Z999AA10123456784",
"carrier": "UPS",
"estimatedDelivery": "2024-01-23T00:00:00Z",
"shippedAt": "2024-01-20T15:30:00Z"
}
}Signature Verification
Every webhook request includes an X-Regen-Signature header. Always verify this signature to ensure the request came from Regen Therapy.
import crypto from 'crypto';
function verifyWebhookSignature(payload, signature, secret) {
const expectedSignature = crypto
.createHmac('sha256', secret)
.update(payload, 'utf8')
.digest('hex');
const trusted = Buffer.from(`sha256=${expectedSignature}`, 'utf8');
const untrusted = Buffer.from(signature, 'utf8');
return crypto.timingSafeEqual(trusted, untrusted);
}
// In your webhook handler:
app.post('/webhooks/regen', (req, res) => {
const signature = req.headers['x-regen-signature'];
const payload = JSON.stringify(req.body);
if (!verifyWebhookSignature(payload, signature, process.env.WEBHOOK_SECRET)) {
return res.status(401).send('Invalid signature');
}
// Process the webhook
const event = req.body;
console.log('Received event:', event.type);
res.status(200).send('OK');
});Respond quickly: Return a 2xx status within 5 seconds. Process events asynchronously.
Handle retries: We retry failed deliveries up to 5 times with exponential backoff.
Idempotency: Use the event id to deduplicate events.
Use HTTPS: Webhook URLs must use HTTPS for security.
Test first: Use the test endpoint to verify your integration before going live.