Webhook Events

API Reference

You can set webhooks through API that enable you to receive notifications about events that happen in your stores.

These are the events available to retrieve with webhooks:

  • NEW_ORDER: New orders
  • ORDER_EVENT_CANCEL: Order cancellation events. See Cancellation Events
  • ORDER_OTHER_EVENT: Order events. See Order Events
  • MENU_APPROVED: Menu approval events.
  • MENU_REJECTED: Menu rejection events.
  • PING: This event enables the health check procedure
  • STORE_CONNECTIVITY: This event enables the store connectivity information process. (When the store is available or unavailable to operate)

Use the endpoints of the Webhooks resource to register and test webhooks in your stores.

Important

If you want to check the IP's from where the information is sent, you should ask your Project Manager

Webhook event payloads


NEW_ORDER


The NEW_ORDER event is going to send the same information that we can get from the getOrders endpoint for the order that fires the event. We can find more information about the body at the API reference

ORDER_EVENT_CANCEL


The ORDER_EVENT_CANCEL event will send the payload with the following format:

{ "event": "canceled_with_charge", "order_id": "106", "store_id": "900109448" }

Where event represents the name of the cancelled event.

Where order_id represents the id of the order.

Where store_id represents the id of the store in the rappi app.

ORDER_OTHER_EVENT


The ORDER_OTHER_EVENT event will send the payload with the following format:

{ "event": "taken_visible_order", "order_id": "344949817", "store_id": "10000682", "event_time": "2023-05-04 12:01:22", "additional_information": { "courier_data": { "id": 729365, "phone": "3118012176", "full_name": "Daletzi Karina Olmedo Plata", "last_name": "Olmedo Plata", "first_name": "Daletzi Karina", "profile_pic": null }, "eta_to_store": 147, "storekeeper_name": "Daletzi Karina Olmedo Plata" } }

Where event represents the name of the event.

Where order_id represents the id of the order.

Where store_id represents the id of the store in the rappi app.

Where event_time represents the day and time of the event.

Where additional_information represents detailed information about the order.


The MENU_APPROVED event will send the payload with the following format:

{ "store_id": "900109448", "message": "Menu Approved" }

Where store_id represents the id of the store in the rappi app.

Where message is the menu approval message.


The MENU_REJECTED event will send the payload with the following format:

{ "store_id": "900109448" }

Where store_id represents the id of the store in the rappi app.

PING


The PING event will send the payload with the following format:

{ "store_id": 999 }

Where store_id represents the id of the store in the rappi app.

The response should have the following format:

{ "status": "OK", "description": "Store on" }

status: this field is required, if the value is null or different to OK it will be considered as unavailable store.

description: this field is optional.

HOW DOES PING WORK?

OBJECTIVE Detect when a store loses connectivity and turn it off when a ping change from positive to negative occurs, in order to prevent future cancellations due to said lack of connectivity in the store to accept the take. This Ping must be implemented for each store and not on a central server.

FUNCTION The monitor receives a notification every time a store goes from being pinged positive to negative. Realizing this, he immediately sends himself to suspend the shop in question. As an administrator you can configure the number of strikes to apply the negative ping rules.

  1. When a webhook is configured, the ping is sent every 3 minutes, in case of not having a webhook and using Order Pulling, it will be evaluated every 3 minutes.
  2. Depending on the number of negative pings configured, a Negative Ping incident is generated.
  3. The time range configured for grace time will be 1 minute.
  4. The current number of strikes is set to 2 for all allies.
  5. Only after validating the intermittence time, the connectivity loss or recovery incident is generated according to its definition.

Importante

If you do not use webhooks, the evaluation every 3 minutes is done on the last time you downloaded orders, the grace time to determine if it is a negative ping is 1 minute

Important

There are stores that have split hours during the day, therefore, this schedule must be taken into account for the generation of the ping

Important

It is important to clarify that it does NOT apply to stores that have 24-hour hours

PING RULES

These are the following rules that we take into account

PING NEGATIVE This rule creates a Lost Connectivity incident, this incident is Status: Open awaiting a Positive Ping.

PING POSITIVE In this rule, an alert is triggered that looks for the Lost Connectivity incident Status: Open to change it to Status: Closed.

STORE_CONNECTIVITY


The STORE_CONNECTIVITY event will send the payload with the following format:

{ "external_store_id": "999", "enabled": false, "message": "The Store is not enabled to operate" }

Where external_store_id (String) represents the id of the store configurated on your side.

Where enabled (boolean) represents with a binary value of the store is available to operate or not.

Where message (String) represents a message informing if the store is available or not.

Security

Our Public API has signatures for the security of its webhooks using a hash-based message authentication code (HMAC) with SHA-256 (Secure Hash Algorithm 2). Each request has its own signature which will come in the header with the name of Rappi-Signature and will have the following format

t=123456,sign=d74b65c2e68c1a84a4d5843a69ef5faf1d82f28df2dd3723e8e0dad9c54abc79

Important

Headers described in this portal are NOT case-sensitive. To get more information check this Link

Validating Your Signature

You can validate the signature that come in the header following the steps below

Important

To validate the signature, you will need the secret of your webhook.

  1. Extract the timestamp and signatures from the header.

    1.1 Separate with a comma "," to create a list.

    1.2 Separate each element again with "=" to obtain t and a sign.

    • t: Is the timestamp from the request
    • sign: Is the signature
  2. Create the signed_payload string by concatenating:

    • The timestamp

    • The character .

    • The actual payload

      Example:

      123456.{ "message" : "this is an example" }
  3. Compute an HMAC with the SHA256 hash function. Use the secret as the key, and use the signed_payload string as the message to determine the expected signature.

  4. Compare the signature in the header with the expected signature.

You can now ensure that the information is valid.

Note

Make sure you are taking the payload string in the same format that it arrives in order to avoid any differences in the signature