Webhooks
Receive real-time notifications when events occur on the stemp platform.
Webhooks allow your application to receive real-time HTTP callbacks when events occur on the stemp platform.
Setup
- Navigate to your application settings in the Developer Portal.
- Add a webhook endpoint URL (must be HTTPS).
- Select the events you want to subscribe to.
- Save and note the signing secret.
Event Delivery
When an event occurs, stemp sends a POST request to your endpoint:
```json
{
  "id": "evt_abc123",
  "type": "stamp.created",
  "timestamp": "2025-01-15T10:30:00Z",
  "data": {
    // Event-specific payload
  }
}
```
Headers
| Header | Description |
|---|---|
| Content-Type | application/json |
| X-Stemp-Signature | HMAC-SHA256 signature for verification |
| X-Stemp-Event | The event type |
| X-Stemp-Delivery | Unique delivery ID |
Signature Verification
Verify webhook authenticity by checking the signature:
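```typescript
import { createHmac, timingSafeEqual } from 'crypto'

function verifyWebhook(payload: string, signature: string, secret: string): boolean {
  // HMAC-SHA256 of the payload, hex-encoded
  const expected = createHmac('sha256', secret)
    .update(payload)
    .digest('hex')
  const a = Buffer.from(`sha256=${expected}`)
  const b = Buffer.from(signature)
  // Compare in constant time; timingSafeEqual throws if the lengths differ
  return a.length === b.length && timingSafeEqual(a, b)
}
```
Always verify signatures before processing webhook payloads.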
Retry Logic
If your endpoint returns a non-2xx status code, stemp retries delivery:
| Attempt | Delay |
|---|---|
| 1st retry | 1 minute |
| 2nd retry | 5 minutes |
| 3rd retry | 30 minutes |
| 4th retry | 2 hours |
| 5th retry | 24 hours |
After 5 failed attempts, the delivery is marked as failed.
Best Practices
- Return a `200` response quickly; process events asynchronously.
- Use the delivery ID to deduplicate events.
- Always verify the webhook signature.
- Handle events idempotently — you may receive the same event more than once.
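
The practices above combined in one handler, as an added example that is not stemp's own code: it verifies the signature over the raw body bytes, deduplicates on `X-Stemp-Delivery`, and queues the event before returning `200`. The names `handleDelivery`, `seenDeliveries` and `queue`, the in-memory stores, the 400/401 status codes and the lowercase header keys are assumptions.

```typescript
import { createHmac, timingSafeEqual } from 'crypto'

type HeaderMap = Record<string, string | undefined>
type Result = { status: number; action: 'rejected' | 'duplicate' | 'queued' }

// Hypothetical in-memory stores. A real deployment would use a shared store that
// remembers delivery IDs for longer than the 24-hour final retry, and a job queue.
const seenDeliveries = new Set<string>()
const queue: { type: string; data: unknown }[] = []

function sign(rawBody: Buffer, secret: string): string {
  return 'sha256=' + createHmac('sha256', secret).update(rawBody).digest('hex')
}

function signatureMatches(rawBody: Buffer, header: string | undefined, secret: string): boolean {
  if (!header) return false
  const expected = Buffer.from(sign(rawBody, secret))
  const received = Buffer.from(header)
  // timingSafeEqual throws on unequal lengths, so compare lengths first
  return expected.length === received.length && timingSafeEqual(expected, received)
}

// rawBody must be the bytes as received, not a parsed object serialized again.
// Header keys are lowercase here, as Node's http module presents them (assumption).
function handleDelivery(headers: HeaderMap, rawBody: Buffer, secret: string): Result {
  if (!signatureMatches(rawBody, headers['x-stemp-signature'], secret)) {
    return { status: 401, action: 'rejected' }
  }
  const deliveryId = headers['x-stemp-delivery']
  if (!deliveryId) return { status: 400, action: 'rejected' }
  // A retry of a delivery already accepted: acknowledge it, do not process it again
  if (seenDeliveries.has(deliveryId)) return { status: 200, action: 'duplicate' }

  let event: { type: string; data: unknown }
  try {
    event = JSON.parse(rawBody.toString('utf8'))
  } catch {
    return { status: 400, action: 'rejected' }
  }
  seenDeliveries.add(deliveryId)
  queue.push(event) // a worker processes this later, outside the request path
  return { status: 200, action: 'queued' }
}

// Constructed sample delivery (not a real stemp payload or secret)
const demoSecret = 'example-signing-secret'
const demoBody = Buffer.from('{"id":"evt_abc123","type":"stamp.created","data":{}}')
const demoHeaders = { 'x-stemp-signature': sign(demoBody, demoSecret), 'x-stemp-delivery': 'dlv_demo' }
console.log(handleDelivery(demoHeaders, demoBody, demoSecret))
```

The signature check runs before the deduplication lookup so that unauthenticated requests cannot mark delivery IDs as seen.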