Webhooks push real-time notifications to your server when events happen in your store.
How It Works
- Register a webhook endpoint URL in your admin dashboard
- When an event occurs, we send a POST request to your URL
- Your server processes the payload and returns a 2xx response
- If delivery fails, we retry with exponential backoff
Event Types
| Event | Trigger |
|---|
order.created | New order placed (online or POS) |
order.status_changed | Order status updated |
product.created | New product added |
product.updated | Product details changed |
customer.created | New customer registered |
inventory.changed | Stock level changed |
"event": "order.created",
"entity_id": "order-uuid-123",
"data": { "id": "order-uuid-123", "status": "pending", "total": 80.00 },
"timestamp": "2026-04-20T14:30:00Z"
| Header | Description |
|---|
Content-Type | application/json |
X-Tajir-Signature | HMAC-SHA256 signature |
X-Tajir-Event | Event type |
X-Tajir-Delivery | Unique delivery ID |
Verifying Signatures
Python
def verify_signature(payload: bytes, secret: str, signature: str) -> bool:
expected = hmac.new(secret.encode(), payload, hashlib.sha256).hexdigest()
return hmac.compare_digest(expected, signature)
JavaScript (Node.js)
const crypto = require('crypto');
function verifySignature(payload, secret, signature) {
const expected = crypto.createHmac('sha256', secret).update(payload).digest('hex');
return crypto.timingSafeEqual(Buffer.from(expected), Buffer.from(signature));
PHP
function verifySignature(string $payload, string $secret, string $signature): bool {
return hash_equals(hash_hmac('sha256', $payload, $secret), $signature);
Retry Policy
| Attempt | Delay |
|---|
| 1st retry | 1 minute |
| 2nd retry | 5 minutes |
| 3rd retry | 30 minutes |
| 4th retry | 2 hours |
| 5th retry | 12 hours |
After 5 failed attempts, the delivery moves to the Dead Letter Queue (DLQ). You can manually retry from the admin dashboard.
