Webhooks
Webhooks let Appetite push events to your endpoint as they happen, instead of you polling the API.
Configuring an endpoint
Set your HTTPS endpoint URL and choose which events to receive on the
Webhooks page. Appetite sends a POST request with a JSON
body for each event.
Event types
| Event | Description |
|---|---|
order.created | A new order was placed. |
order.updated | An existing order changed. |
order.cancelled | An order was cancelled. |
menu.updated | A restaurant's menu changed. |
payout.settled | A payout was settled. |
review.created | A new customer review was left. |
Verifying signatures
Every delivery includes an X-Appetite-Signature header — an HMAC-SHA256 of the
raw request body, keyed with your signing secret. Recompute it and compare to
confirm authenticity:
import crypto from 'crypto'
function verify(rawBody, signature, secret) {
const expected = crypto
.createHmac('sha256', secret)
.update(rawBody)
.digest('hex')
return crypto.timingSafeEqual(Buffer.from(signature), Buffer.from(expected))
}
Find your signing secret on the Webhooks page. Regenerate it at any time — the previous secret stops working immediately.
Responding to events
Return a 2xx status within a few seconds to acknowledge receipt. Non-2xx
responses are retried with exponential backoff.