Webhooks API

Webhook endpoints for receiving notifications from external platforms and sending real-time events to your applications.

Incoming Webhooks

These endpoints receive webhooks from external platforms to trigger download token generation:

Shopify Orders

POST /webhooks/{orgId}/shopify

Receives order completion notifications from Shopify stores.

WooCommerce Orders

POST /webhooks/{orgId}/woocommerce

Handles order completions from WooCommerce WordPress sites.

Stripe Payments

POST /webhooks/stripe

Processes successful payments from Stripe checkout sessions.

FastSpring Orders

POST /webhooks/{orgId}/fastspring

Processes order completions from FastSpring.

VibraCart Pro Orders

POST /webhooks/{orgId}/vibracartpro

Receives order notifications from VibraCart Pro stores.

Download Completion

POST /webhooks/{orgId}/download-complete

Notifies when a customer completes a download session.

Webhook Security

Signature Verification

All webhooks include HMAC signatures for verification:

const crypto = require('crypto');

function verifyWebhook(payload, signature, secret) {
  const expectedSignature = crypto
    .createHmac('sha256', secret)
    .update(payload)
    .digest('hex');
  
  return crypto.timingSafeEqual(
    Buffer.from(signature),
    Buffer.from(expectedSignature)
  );
}

// Usage
const isValid = verifyWebhook(
  req.body,
  req.headers['x-continuata-signature'],
  process.env.CONTINUATA_WEBHOOK_SECRET
);

Webhook Examples

See platform-specific webhook implementations in ourShopify andStripe integration guides.

Downloads APIDocumentation Home