Webhook Events
After every order that is confirmed by a user, Sardine will fire off a webhook to a URL designated by the developer.

- NFT Checkout
- Payouts

A sample webhook ⬇️

For NFT Checkout, the different webhooks that can be expected are:

| webhook | description |
|---|---|
| draft | Client has created an order and redirected user to purchase |
| expired | User did not confirm the purchase and order expired |
| declined | User attempted a purchase but their payment attempt was declined |
| cancelled | Order was cancelled |
| processing | Order was confirmed, waiting for payment |
| processed | Payment was processed successfully |
| complete | Order was executed and delivered to user |

- Provide your webhook URL to your Sardine Integration Manager
- Your Sardine IM will set this up and then provide you with a `signing_secret`
- Construct the `signedContent` by concatenating the id, timestamp and payload, separated by the full-stop character (`.`). In code, it will look something like:

  ```
  signedContent = "${webhook-id}.${webhook-timestamp}.${body}"
  ```

  where `body` is the raw body of the request.
- To calculate the expected signature, you need to perform an HMAC hash on the `signedContent` from above using the base64 portion of your signing secret (this is the part after the `whsec_` prefix) as the key. So if your signing secret is `whsec_ABCDmcQ8DpB7J6Yn4eZqkt48KRPy3a8n`, you'll want to use `ABCDmcQ8DpB7J6Yn4eZqkt48KRPy3a8n`
- This generated signature should match what is sent in the `webhook-signature` header; make sure to remove the version prefix and delimiter (e.g. `v1,`) before verifying the signature. Please note that to compare the signatures, it's recommended to use a constant-time string comparison method in order to prevent timing attacks.
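
The verification steps above as a receiver-side check. This is an added example, not Sardine's own code. The page does not name the hash function or encodings, so HMAC-SHA256, a base64-decoded key, a base64-encoded signature and space-separated multiple signatures are assumptions; the function names are hypothetical.

```python
import base64
import hashlib
import hmac

SECRET_PREFIX = "whsec_"


def expected_signature(secret, msg_id, timestamp, raw_body):
    """Compute the signature for "<id>.<timestamp>.<raw body>"."""
    b64_part = secret[len(SECRET_PREFIX):] if secret.startswith(SECRET_PREFIX) else secret
    key = base64.b64decode(b64_part)  # assumption: key is the decoded bytes
    signed_content = b".".join([msg_id.encode(), timestamp.encode(), raw_body])
    digest = hmac.new(key, signed_content, hashlib.sha256).digest()  # assumption: SHA-256
    return base64.b64encode(digest).decode()  # assumption: base64-encoded signature


def verify_webhook(secret, headers, raw_body):
    """Return True only if a v1 signature in the headers matches raw_body (bytes)."""
    h = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    try:
        msg_id = h["webhook-id"]
        timestamp = h["webhook-timestamp"]
        sig_header = h["webhook-signature"]
    except KeyError:
        return False  # reject unsigned or incomplete requests
    expected = expected_signature(secret, msg_id, timestamp, raw_body).encode()
    # Assumption: the header may hold several space-separated "version,signature" entries.
    for entry in sig_header.split():
        version, _, candidate = entry.partition(",")
        if version != "v1":
            continue
        # Constant-time comparison, as the page recommends.
        if hmac.compare_digest(candidate.encode(), expected):
            return True
    return False


if __name__ == "__main__":
    # Constructed sample request; the secret is the example value from the page.
    secret = "whsec_ABCDmcQ8DpB7J6Yn4eZqkt48KRPy3a8n"
    body = b'{"id": "order_123",  "status": "processed"}'
    headers = {"Webhook-Id": "msg_1", "Webhook-Timestamp": "1700000000"}
    headers["Webhook-Signature"] = "v1," + expected_signature(secret, "msg_1", "1700000000", body)
    print(verify_webhook(secret, headers, body))         # original bytes
    print(verify_webhook(secret, headers, body + b" "))  # altered bytes
```

Pass the request body exactly as it arrived on the wire; a body that has been parsed and re-serialized as JSON can differ byte-for-byte and will fail the check.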