Webhook of the week - WooCommerce
WooCommerce is a popular open source e-commerce solution, and it’s great to see they have first class support for webhooks. Their documentation is very end-user oriented giving all the details needed to configure webhooks in their dashboard. The details needed for development are covered in their API documentation.
They provide a nice set of well named events for customers, orders, products, and more. I prefer webhooks that can be configured for multiple events per webhook, but it’s great to see they offer an API to create and delete webhook configurations. I would have expected HTTP status values of 201 for POST and 204 for DELETE, but that’s minor. The naming of the URL endpoint is a little odd as well.
I would love to see a timestamp when the event occurred, but happy to see a unique event ID as it always helps with idempotency. They put the event name and unique ID in HTTP headers, though personally I like it better in the actual HTTP payload.
They get a big shoutout for building in webhook logs in their dashboard. A nice addition that I see very rarely that helps understand the sender viewpoint on delivery of events. I do wish they provided a way to send a test event to verify the receiver implementation.
Always glad to see webhook sources that send a verification signature, and WooCommerce uses a pretty typical Base64 encoded HMAC-SHA256 of the payload and a shared secret sent as a signature in an HTTP header.
Overall a straight-forward new integration for Hookalu.