Webhooks API

Webhook endpoints for receiving notifications from external platforms and sending real-time events to your applications.

Incoming Webhooks

These endpoints receive webhooks from external platforms to trigger download token generation:

Shopify Orders

POST /webhooks/{orgId}/shopify

Receives order completion notifications from Shopify stores.

WooCommerce Orders

POST /webhooks/{orgId}/woocommerce

Handles order completions from WooCommerce WordPress sites.

Stripe Payments

POST /webhooks/stripe

Processes successful payments from Stripe checkout sessions.

Download Completion

POST /webhooks/{orgId}/download-complete

Notifies when a customer completes a download session.

Outgoing Webhooks

Configure Continuata to send real-time events to your applications:

Configuration

  1. Go to your Continuata dashboard
  2. Navigate to Settings → Integrations → Outgoing Webhooks
  3. Add your webhook endpoint URL
  4. Select events to receive
  5. Configure webhook secret for security
  6. Test with sample events

Event Types

token.created

New download token generated

download.started

Customer begins download

download.completed

Download finished successfully

token.expired

Download token expired

download.failed

Download encountered errors

product.uploaded

New product version uploaded

Webhook Security

Signature Verification

All webhooks include HMAC signatures for verification:

const crypto = require('crypto');

function verifyWebhook(payload, signature, secret) {
  const expectedSignature = crypto
    .createHmac('sha256', secret)
    .update(payload)
    .digest('hex');
  
  return crypto.timingSafeEqual(
    Buffer.from(signature),
    Buffer.from(expectedSignature)
  );
}

// Usage
const isValid = verifyWebhook(
  req.body,
  req.headers['x-continuata-signature'],
  process.env.CONTINUATA_WEBHOOK_SECRET
);

Headers

  • X-Continuata-Event - Event type (download.started, etc.)
  • X-Continuata-Signature - HMAC-SHA256 signature
  • X-Continuata-Timestamp - Unix timestamp
  • X-Continuata-Id - Unique event ID for deduplication

Webhook Testing

Test your webhook endpoints during development:

Testing Tools

  1. Use ngrok or similar tools to expose local development servers
  2. Configure test webhook URL in Continuata dashboard
  3. Trigger test events using the dashboard webhook test feature
  4. Monitor webhook delivery logs in dashboard
  5. Verify proper event handling and response codes

Response Requirements

Your webhook endpoint must respond with HTTP 200 within 10 seconds. Failed deliveries will be retried with exponential backoff.

Webhook Examples

See platform-specific webhook implementations in ourShopify andStripe integration guides.

Downloads APIDocumentation Home