In addition to setting up webhooks through the dashboard, you can programmatically create and manage webhooks using the Platform API. This is useful for:
  • Automating webhook setup as part of your deployment process
  • Building integrations that dynamically configure webhooks
  • Managing webhooks across multiple shops programmatically

Creating a Webhook

Use the POST /webhooks endpoint to create a new webhook subscription:

curl -u "your_username:your_password" \
  -X POST "https://api.fourthwall.com/open-api/v1.0/webhooks" \
  -H "Content-Type: application/json" \
  -d '{
    "url": "https://your-server.com/webhooks/fourthwall",
    "allowedTypes": ["ORDER_PLACED", "ORDER_UPDATED", "DONATION"]
  }'

The response includes the webhook configuration with its ID and secret key:

{
  "id": "wcon_P-VkRfmJTBaC6_Tst22cew",
  "url": "https://your-server.com/webhooks/fourthwall",
  "allowedTypes": ["ORDER_PLACED", "ORDER_UPDATED", "DONATION"],
  "secret": "e3f93c7c-c92b-4b8f-a9b1-5b70e0891abc"
}

Store the secret value securely - you’ll need it to verify webhook signatures.

Complete Example: Create, Receive, and Verify

Here’s a complete flow showing how to set up a webhook programmatically and handle incoming events:

Step 1: Create the webhook

import requests

# Create webhook subscription using Basic Auth
response = requests.post(
    "https://api.fourthwall.com/open-api/v1.0/webhooks",
    auth=("your_username", "your_password"),
    json={
        "url": "https://your-server.com/webhooks/fourthwall",
        "allowedTypes": ["ORDER_PLACED"]
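    },
    timeout=10,  # do not hang a deployment on a stalled connection
)
response.raise_for_status()  # stop here if the API rejected the request

webhook_config = response.json()
webhook_secret = webhook_config["secret"]  # Store this securely!

Step 2: Receive and verify webhook events
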
import hmac
import hashlib
import base64
from flask import Flask, request, jsonify

app = Flask(__name__)
WEBHOOK_SECRET = "your_stored_secret"

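def verify_signature(payload, signature_header):
    """Verify the webhook signature matches."""
    if not signature_header:
        # Header missing: reject instead of letting compare_digest raise
        return False
    digest = hmac.new(
        WEBHOOK_SECRET.encode('utf-8'),
        payload,
        digestmod=hashlib.sha256
    ).digest()
    computed_signature = base64.b64encode(digest)
    # Compare as bytes: compare_digest raises TypeError on non-ASCII str input
    return hmac.compare_digest(computed_signature, signature_header.encode('utf-8'))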

@app.route('/webhooks/fourthwall', methods=['POST'])
def handle_webhook():
    # Get the signature from headers
    signature = request.headers.get('X-Fourthwall-Hmac-SHA256')

    # Verify the signature
    if not verify_signature(request.data, signature):
        return jsonify({"error": "Invalid signature"}), 401

    # Parse the webhook payload
    event = request.json

    # Handle different event types
    if event["type"] == "ORDER_PLACED":
        order_data = event["data"]
        print(f"New order received: {order_data['friendlyId']}")
        # Process the order...

    # Always return 200 to acknowledge receipt
    return jsonify({"status": "received"}), 200
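
The signature check in Step 2 can be exercised offline, without Flask or a live webhook. The following is an added example, not Fourthwall's code: it assumes the signature is base64(HMAC-SHA256) over the raw request body, as the handler above computes it, and shows which inputs a receiver must reject. The secret, payload and the `sign`, `verify` and `run_cases` names are constructed for illustration.

```python
import base64
import hashlib
import hmac
import json

# Constructed sample secret and payload (not real Fourthwall values).
SECRET = "00000000-0000-0000-0000-000000000000"
RAW_BODY = b'{"type": "ORDER_PLACED",  "data": {"friendlyId": "ABC123"}}'


def sign(secret: str, raw_body: bytes) -> str:
    """Sender side: base64(HMAC-SHA256(secret, raw body))."""
    digest = hmac.new(secret.encode("utf-8"), raw_body, hashlib.sha256).digest()
    return base64.b64encode(digest).decode("ascii")


def verify(secret: str, raw_body: bytes, header_value) -> bool:
    """Receiver side: constant-time check that never raises on hostile input."""
    if not isinstance(header_value, str) or not header_value:
        return False  # header absent or empty
    expected = sign(secret, raw_body).encode("ascii")
    # Compare bytes: compare_digest() raises TypeError on non-ASCII str.
    return hmac.compare_digest(expected, header_value.encode("utf-8"))


def run_cases() -> dict:
    """Return accepted/rejected for one valid delivery and five bad ones."""
    good = sign(SECRET, RAW_BODY)
    # Re-serialising parsed JSON changes whitespace, so the signed bytes differ.
    reserialised = json.dumps(json.loads(RAW_BODY)).encode("utf-8")
    tampered = RAW_BODY.replace(b"ABC123", b"ABC124")
    return {
        "valid": verify(SECRET, RAW_BODY, good),
        "reserialised_body": verify(SECRET, reserialised, good),
        "tampered_body": verify(SECRET, tampered, good),
        "wrong_secret": verify("other-secret", RAW_BODY, good),
        "missing_header": verify(SECRET, RAW_BODY, None),
        "non_ascii_header": verify(SECRET, RAW_BODY, "sîgnature"),
    }


if __name__ == "__main__":
    for name, accepted in run_cases().items():
        print(f"{name:18} accepted={accepted}")
```

The `reserialised_body` case is why the handler verifies `request.data` before touching `request.json`: only the exact bytes received match the signature.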

API Endpoints

The Platform API provides these endpoints for webhook management:

| Endpoint | Description |
| --- | --- |
| POST /webhooks | Create a new webhook subscription |
| GET /webhooks | List all webhooks |
| GET /webhooks/ | Get a specific webhook |
| PUT /webhooks/ | Update a webhook |
| DELETE /webhooks/ | Delete a webhook |