Documentation | Artelo

Webhooks

A Webhooks allows Artelo to provide real-time information about various events.

Webhooks must return a response within 10 seconds. For this reason, long-running processes should be run asynchronously.

If a webhook request does not receive a successful response status, it will be retried using exponential backoff up to a maximum of 20 times. If the final attempt fails, the webhook will be deleted.

It is recommended to verify that webhook requests are coming from Artelo. The recommended method is to use the x-artelo-signature security header that you receive in each request. The value of this header corresponds to the SHA256 hash of the request body using your client secret.

const bodySignature = crypto
  .createHmac('sha256', process.env["WEBHOOK_SECRET"])
  .update(JSON.stringify(req.body)) // or disable body parsing
  .digest('hex');

if (bodySignature !== request.headers['x-artelo-signature']) {
  return res.status(400).json({
    code: 'invalid_signature',
    error: 'Signature does not match',
  });
}

const bodySignature = crypto
  .createHmac('sha256', process.env["WEBHOOK_SECRET"])
  .update(JSON.stringify(req.body)) // or disable body parsing
  .digest('hex');

if (bodySignature !== request.headers['x-artelo-signature']) {
  return res.status(400).json({
    code: 'invalid_signature',
    error: 'Signature does not match',
  });
}

Example of how to validate a webhook message.

Endpoints

GET

/webhooks/get

POST

/webhooks/save

DELETE

/webhooks/delete