Webhook

What's new in 4.3 (Launch on 17 Jun 2019)

* Add digital signature `aftership-hmac-sha256` in the request header

* This signature is generated by encrypting the webhook body with the webhook secret using SHA256

What's new in 4.2

Added 4 new fields under `msg` object:

  1. `order_promised_delivery_date` (String, YYYY-MM-DD)
    For example, "order_promised_delivery_date": "2019-04-23"
  2. `delivery_type` (String, Enum)
    For example, "delivery_type": "door_to_door"
    Available options: `pickup_at_store`, `pickup_at_courier`, `door_to_door`
  3. `pickup_location` (String)
    For example, "pickup_location": "Store branch"
  4. `pickup_note` (String)
    For example, "pickup_note": "some free text"

* Please take note that `checkpoint_time` and `expected_delivery` is a string that returns possible value: Empty String, YYYY-MM-DD, YYYY-MM-DDTHH:MM:SS, or YYYY-MM-DDTHH:MM:SS+TIMEZONE


How to setup the Webhooks

You can enable the webhook by going to Settings --> Triggers --> Webhook

Securing Webhooks

We currently support either HTTP or HTTPS urls, so you can have security by using an SSL-enabled url. But keep in mind that your endpoint is going to be wide-open on the internet, and you might not want others to be able to submit random data to your systems. At this time, aside from trying to keep the URL private, our best suggestion is to simply include a secret key in the URL that your provide and check the secret GET parameter in your scripts.

Retry Webhooks

AfterShip sent the events for each webhook URL with POSTs request. If the webhook URL doesn't return a 200 HTTPresponse code, that POST request will be re-attempted up to 14 times in increasing intervals: 2^number_of_fail x 30s

e.g.
If the attempt fail, AfterShip will retry the 2nd attempt 30s later.
If the 5th attempts fail, AfterShip retry the 6th attempt 960s later
If the 14th attempts fail, AfterShip retry not send out that webhook any more.


Webhook 4.3 (Launch on 17 Jun 2019)

What is the format of inbound webhooks?

MethodDescription
POST
application/json
When the tracking is updated and it triggers an update of one of your trigger setting, we make a POST request to the callback URL that you defined in the webhook page.The post body contains a JSON string of the below data.
  • ts - UTC unix timestamp that the event occurred
  • event - the name of the event (for tracking update, the value will be 'tracking_update')
  • event_id - UUID v4 format, to uniquely identify the webhook event
  • is_tracking_first_tag - indicate if it is the first tracking update sent under a specific delivery tag. This allows application to send only the key updates to end users (e.g. the first in transit, the first failed attempt)
  • msg - details about the message for which the event occurred, in the following format.

Header

Body

Webhook 4.2

What is the format of inbound webhooks?

MethodDescription
POST
application/json
When the tracking is updated and it triggers an update of one of your trigger setting, we make a POST request to the callback URL that you defined in the webhook page.The post body contains a JSON string of the below data.
  • ts - UTC unix timestamp that the event occurred
  • event - the name of the event (for tracking update, the value will be 'tracking_update')
  • event_id - UUID v4 format, to uniquely identify the webhook event
  • is_tracking_first_tag - indicate if it is the first tracking update sent under a specific delivery tag. This allows application to send only the key updates to end users (e.g. the first in transit, the first failed attempt)
  • msg - details about the message for which the event occurred, in the following format.

Header

Body