Webhooks Reference
Configure webhooks for real-time return event notifications and build integrations with your systems.
Webhooks allow external systems to receive real-time HTTP notifications when events occur in ReturnMate. Use webhooks to trigger workflows, sync data, or build custom integrations.
What Are Webhooks?
Webhooks are HTTP callbacks that notify your systems when something happens:
[ReturnMate Event] → [HTTP POST to your endpoint] → [Your system processes]
Available Webhook Events
RMA Events
| Event | Trigger |
|---|---|
rma.created | New RMA submitted |
rma.updated | RMA details changed |
rma.status_changed | Status transition |
rma.approved | Return approved |
rma.rejected | Return rejected |
rma.received | Package received at warehouse |
rma.inspected | Inspection complete |
rma.completed | Return fully processed |
rma.cancelled | Return cancelled |
Shipment Events
| Event | Trigger |
|---|---|
shipment.created | Label generated |
shipment.in_transit | Carrier pickup scan |
shipment.delivered | Delivery confirmed |
shipment.exception | Delivery issue |
Warranty Events
| Event | Trigger |
|---|---|
warranty.created | Warranty claim submitted |
warranty.approved | Claim approved |
warranty.resolved | Warranty case closed |
Financial Events
| Event | Trigger |
|---|---|
refund.initiated | Refund started |
refund.completed | Refund successful |
refund.failed | Refund failed |
credit.issued | Store credit created |
Inspection Events
| Event | Trigger |
|---|---|
inspection.started | Inspection begun |
inspection.completed | Inspection finished |
inspection.issue_found | Problem identified |
Setting Up Webhooks
Access Webhook Settings
Go to Settings → Integrations → Webhooks
Add Webhook Endpoint
Click Add Webhook and enter:
- Endpoint URL (HTTPS required)
- Description
- Secret key (for signature verification)
Select Events
Choose which events trigger this webhook.
Test Webhook
Click Send Test to verify your endpoint receives events correctly.
Activate
Enable the webhook when ready to receive live events.
Webhook Payload
Payload Structure
{
"event": "rma.created",
"timestamp": "2024-12-31T14:30:00Z",
"data": {
"rmaId": "rma_abc123",
"rmaNumber": "RMA-2024-001234",
"status": "pending",
"customer": {
"email": "customer@example.com",
"name": "John Smith"
},
"items": [...]
}
}
Headers
Webhooks include these headers:
| Header | Description |
|---|---|
X-ReturnMate-Event | Event type |
X-ReturnMate-Signature | HMAC signature |
X-ReturnMate-Timestamp | Event timestamp |
X-ReturnMate-Delivery-Id | Unique delivery ID |
Webhook Security
Signature Verification
Verify webhook authenticity using the signature:
const crypto = require('crypto');
function verifySignature(payload, signature, secret) {
const expectedSignature = crypto
.createHmac('sha256', secret)
.update(payload)
.digest('hex');
return crypto.timingSafeEqual(
Buffer.from(signature),
Buffer.from(expectedSignature)
);
}
Best Practices
- Always verify signatures
- Use HTTPS endpoints only
- Validate event timestamps
- Handle duplicates (use delivery ID)
- Respond quickly (within 30 seconds)
Reliability
Retry Policy
Failed deliveries are retried:
| Attempt | Delay |
|---|---|
| 1 | Immediate |
| 2 | 1 minute |
| 3 | 5 minutes |
| 4 | 30 minutes |
| 5 | 2 hours |
| 6 | 6 hours |
After 6 failed attempts, the webhook is marked as failed.
Handling Failures
When webhooks fail:
- Check your endpoint is accessible
- Review error logs
- Fix issues and re-enable
- Request replay if needed
Idempotency
Handle potential duplicate deliveries:
- Store the delivery ID
- Check before processing
- Skip if already processed
Webhook Logs
Viewing Logs
- Go to Settings → Webhooks
- Click on a webhook
- View Delivery Log
Log Information
Each delivery shows:
- Timestamp
- Event type
- Response status
- Response time
- Payload (expandable)
- Error details (if failed)
Duplicate Handling
Why Duplicates Occur
Webhooks may be sent multiple times due to:
- Network issues
- Retry after timeout
- System recovery
Prevention Strategy
Implement idempotency in your handler:
async function handleWebhook(event) {
const deliveryId = event.headers['x-returnmate-delivery-id'];
// Check if already processed
if (await isProcessed(deliveryId)) {
return { status: 200, message: 'Already processed' };
}
// Process the event
await processEvent(event.body);
// Mark as processed
await markProcessed(deliveryId);
return { status: 200 };
}
Troubleshooting
Common Issues
| Problem | Solution |
|---|---|
| 403 Forbidden | Check endpoint authentication |
| Timeout | Optimise processing, respond faster |
| Invalid Signature | Verify secret key is correct |
| Missing Events | Check event subscription |
Testing Webhooks
Use tools like:
- ngrok for local testing
- Webhook.site for quick tests
- ReturnMate's test feature
Shopify Webhook Guidance
Handling Shopify Webhooks
ReturnMate also receives webhooks from Shopify. For your own integrations:
- Order Updates - Sync order changes
- Product Updates - Keep products current
- App Uninstalled - Handle disconnection
Reliability with Shopify
Shopify webhooks can also have reliability issues:
- Implement the same idempotency patterns
- Log all received webhooks
- Handle out-of-order delivery