Webhooks
Webhooks allow you to receive real-time notifications when events happen in your ibakepro account. Instead of polling the API, webhooks push data to your server as events occur.
Overview
When you configure a webhook endpoint, ibakepro will send HTTP POST requests to your URL whenever specified events occur. This enables you to build integrations that react to changes in real-time.
Setting up webhooks
- Log in to your ibakepro dashboard
- Navigate to Business > Developers > Webhooks
- Click Add Webhook Endpoint
- Enter your endpoint URL (must be HTTPS)
- Select the events you want to receive
- Click Create
Your webhook endpoint must use HTTPS and return a 2xx status code within 30 seconds to acknowledge receipt.
Webhook events
- order.created - A new order has been created.
- order.updated - An order has been modified (status change, items updated, etc.).
- order.completed - An order has been marked as completed.
- order.cancelled - An order has been cancelled.
- customer.created - A new customer has been added.
- customer.updated - Customer details have been modified.
- expense.created - A new expense has been recorded.
- pantry.low_stock - A pantry item has fallen below its minimum threshold.
Webhook payload
All webhook payloads follow this structure:
{
  "id": "whk_abc123",
  "event": "order.created",
  "created_at": "2025-01-15T10:30:00Z",
  "data": {
    "id": "ord_xyz789",
    "order_number": 1001,
    "status": "confirmed",
    // ... full resource data
  }
}
- id (string) - Unique identifier for this webhook delivery.
- event (string) - The event type that triggered the webhook.
- created_at (timestamp) - When the event occurred.
- data (object) - The full resource data at the time of the event.
Verifying webhooks
Each webhook request includes a signature header to verify authenticity:
X-Webhook-Signature: sha256=abc123...
Verify the signature by computing an HMAC-SHA256 hash of the request body using your webhook secret:
Signature verification
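import crypto from 'crypto'
import express from 'express'

const app = express()

// Returns true only if `signature` matches the HMAC-SHA256 of the raw body
function verifyWebhookSignature(payload, signature, secret) {
  const expectedSignature = crypto
    .createHmac('sha256', secret)
    .update(payload)
    .digest('hex')
  const expected = Buffer.from(`sha256=${expectedSignature}`)
  const received = Buffer.from(String(signature))
  // Compare in constant time; timingSafeEqual requires equal lengths
  return (
    received.length === expected.length &&
    crypto.timingSafeEqual(received, expected)
  )
}

// In your webhook handler
// express.raw() keeps req.body as the exact bytes that were signed;
// re-serializing parsed JSON can change the bytes and break the check
app.post(
  '/webhooks/ibakepro',
  express.raw({ type: 'application/json' }),
  (req, res) => {
    const signature = req.headers['x-webhook-signature']
    const isValid = verifyWebhookSignature(
      req.body,
      signature,
      process.env.WEBHOOK_SECRET
    )
    if (!isValid) {
      return res.status(401).send('Invalid signature')
    }
    // Process the webhook (parse only after the signature has been checked)
    const { event, data } = JSON.parse(req.body.toString('utf8'))
    switch (event) {
      case 'order.created':
        handleNewOrder(data) // your own handler
        break
      case 'order.updated':
        handleOrderUpdate(data) // your own handler
        break
      // ... handle other events
    }
    res.status(200).send('OK')
  }
)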
Retry policy
If your endpoint doesn't respond with a 2xx status code, ibakepro will retry the webhook:
- 1st retry: 5 minutes after initial attempt
- 2nd retry: 30 minutes after initial attempt
- 3rd retry: 2 hours after initial attempt
- Final retry: 24 hours after initial attempt
After all retries are exhausted, the webhook delivery is marked as failed.
Best practices
- Respond quickly - Return a 2xx response immediately, then process the webhook asynchronously
- Handle duplicates - Use the webhook id to detect and ignore duplicate deliveries
- Verify signatures - Always verify the webhook signature before processing
- Use HTTPS - Webhook endpoints must use HTTPS for security
- Log everything - Keep logs of received webhooks for debugging
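The retry policy and the "Handle duplicates" and "Verify signatures" practices combine into one decision per delivery; the following is an added example, not ibakepro's own code, showing that decision as a framework-free function. The function names, the 25-hour retention period (chosen to outlast the 24-hour final retry), the secret and the sample body are assumptions constructed for illustration.

```javascript
const crypto = require('node:crypto')

// Keep delivery ids longer than the last retry (24 hours after the first attempt).
const RETENTION_MS = 25 * 60 * 60 * 1000

// True only for a well-formed "sha256=<64 hex>" header matching the raw body bytes.
function signatureMatches(rawBody, header, secret) {
  const m = /^sha256=([0-9a-f]{64})$/i.exec(typeof header === 'string' ? header : '')
  if (!m) return false
  const expected = crypto.createHmac('sha256', secret).update(rawBody).digest()
  // Both buffers are 32 bytes here, so timingSafeEqual cannot throw.
  return crypto.timingSafeEqual(Buffer.from(m[1], 'hex'), expected)
}

// Decide the response for one delivery. `seen` maps delivery id -> first-seen ms.
function acceptDelivery(rawBody, header, secret, seen, now = Date.now()) {
  if (!signatureMatches(rawBody, header, secret)) return { status: 401 }
  let delivery
  try {
    delivery = JSON.parse(rawBody.toString('utf8'))
  } catch {
    return { status: 400 }
  }
  if (!delivery || typeof delivery.id !== 'string') return { status: 400 }
  // Forget ids that are past the retry window, then look for a repeat.
  for (const [id, t] of seen) if (now - t > RETENTION_MS) seen.delete(id)
  if (seen.has(delivery.id)) return { status: 200, duplicate: true }
  seen.set(delivery.id, now)
  // Caller should queue `delivery` for async processing and reply 2xx at once.
  return { status: 200, duplicate: false, delivery }
}

// Constructed sample delivery and secret (not real ibakepro values).
const SECRET = 'constructed-example-secret'
const RAW = Buffer.from(
  '{"id": "whk_abc123", "event": "order.created", "data": {"id": "ord_xyz789"}}'
)
const SIG = 'sha256=' + crypto.createHmac('sha256', SECRET).update(RAW).digest('hex')

const seenIds = new Map()
console.log(acceptDelivery(RAW, SIG, SECRET, seenIds))           // first delivery
console.log(acceptDelivery(RAW, SIG, SECRET, seenIds).duplicate) // retried delivery
```

A duplicate still gets a 2xx so the sender stops retrying; in production the `seen` map would live in shared storage so that every instance of the handler sees the same ids.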
