Once an endpoint has been set up that is able to receive and decrypt the messages that are produced by the webhooks you have set up, you will start receiving the messages triggered by the actions your webhooks have been set up for.
The messages are made up of two parts. The first part of the message is headers, which contain information regarding the origin and trigger of the message, while the second part is the body of the message, which contains the encrypted data around the object itself that has been changed.
In the webhook message headers, you will find five custom headers from Shipmondo, which contain further information about the origin of the message. The five custom headers are as follows:
SMD-Resource-Type: contains information about which resource the webhook that created the message is using
SMD-Resource-Id: contains information about the ID value of the specific object that the message contains
SMD-Webhook-Id: contains information about the ID value of the webhook to which the message was sent
SMD-Action: contains information about which action triggered the message
SMD-User: contains information about which user performed the action that triggered the message
The body of the message is a JSON object that contains a key "data", which has an encrypted value.
An example of what the body of the message can look like can be seen here:
When you use JWT with HS256 on the value for "data", you get an object that contains the following information:
Webhook: the name of the webhook that sent the message
data: data body with a JSON object that corresponds to what you would get if you called the resource's GET endpoint through Shipmondo's API
URL: the URL of the endpoint to which the message was sent
An example of the above decrypted body can be seen here:
"ordered_at ": "2021-02-22T11:41:08.000+01:00",
"order_status ": "on_hold ",
"fulfillment_status ": "unfulfilled"