Skip to main content
Start with one HTTPS endpoint and subscribe only to the events your product needs.

Create a handler

Your handler should preserve the raw request body, verify the signature, reject invalid deliveries, deduplicate by event ID, and return a successful response quickly.
Node.js
app.post("/webhooks/4mica", rawBodyMiddleware, async (req, res) => {
  try {
    verifyWebhookSignature(req);
    const event = JSON.parse(req.body.toString("utf8"));

    if (await eventStore.has(event.id)) {
      return res.sendStatus(200);
    }

    await queue.publish("4mica-webhooks", event);
    await eventStore.record(event.id);

    return res.sendStatus(200);
  } catch (error) {
    return res.sendStatus(400);
  }
});

Choose events

Test before production

  1. Send a valid example payload from the event page.
  2. Send the same event ID twice and confirm the second delivery has no effect.
  3. Send events out of order and confirm your state remains correct.
  4. Send a modified body with an invalid signature and confirm it is rejected.
  5. Make the worker fail temporarily and confirm the event can be retried safely.
See webhook security before accepting live deliveries.