To receive messages about your shipments, orders and drafts using webhooks, it is important that the endpoint specified in the setup handles the messages accordingly.
There are some requirements for the endpoint being set up. If these are not met, it will not be possible either to create a webhook or read the messages that are sent to it. The requirements are described in the following points:
1. The endpoint uses HTTPS
The endpoint set up is required to use a valid SSL/TLS certificate to ensure the integrity of the data sent to the endpoint.
2. The endpoint can decrypt and process JWT data
The data sent to the endpoint will consist of a JSON object with a key "data". The value of this key will be an encrypted version of the data for a shipment, order or draft in your Shipmondo account as it stands after the action, that triggered the message, has been taken.
When creating a webhook in Shipmondo, you must enter a key. This key is used in Shipmondo to encrypt the data to be sent, while at the endpoint it is used to decrypt the data.
We use JWT to encrypt the data with the HS256 algorithm. It is therefore important that the endpoint defined uses the same algorithm and key to decrypt the value of the "data" key.
3. The endpoint returns an answer with a status of 200 within 5 seconds
When we send a message to the endpoint, it is required that a reply with status code 200 is returned within 5 seconds. If this is not the case, the connection will expire and the message will not be delivered. It's therefore recommended that data processing is limited as far as possible at the endpoint to which the message is sent in order to keep the response time low.