Documentation

Webhook Events

API Reference

You can set webhooks through API that enable you to receive notifications about events that happen in your stores.

These are the events available to retrieve with webhooks:

  • NEW_ORDER: New orders
  • ORDER_EVENT_CANCEL: Order cancellation events. See Cancellation Events
  • ORDER_OTHER_EVENT: Order events. See Order Events
  • MENU_APPROVED: Menu approval events.
  • MENU_REJECTED: Menu rejection events.
  • PING: This event enables the health check procedure
  • STORE_CONNECTIVITY: This event enables the store connectivity information process. (When the store is available or unavailable to operate)

Use the endpoints of the Webhooks resource to register and test webhooks in your stores.

Important

If you want to check the IP's from where the information is sent, you should ask your Project Manager

Webhook event payloads


NEW_ORDER


The NEW_ORDER event is going to send the same information that we can get from the getOrders endpoint for the order that fires the event. We can find more information about the body at the API reference

ORDER_EVENT_CANCEL


The ORDER_EVENT_CANCEL event will send the payload with the following format:

{
  "event": "canceled_with_charge",
  "order_id": "106",
  "store_id": "900109448"
}

Where event represents the name of the cancelled event.

Where order_id represents the id of the order.

Where store_id represents the id of the store in the rappi app.

ORDER_OTHER_EVENT


The ORDER_OTHER_EVENT event will send the payload with the following format:

{
  "event": "taken_visible_order",
  "order_id": "109",
  "store_id": "900109448"
}

Where event represents the name of the event.

Where order_id represents the id of the order.

Where store_id represents the id of the store in the rappi app.


The MENU_APPROVED event will send the payload with the following format:

{
  "store_id": "900109448",
  "message": "Menu Approved"
}

Where store_id represents the id of the store in the rappi app.

Where message is the menu approval message.


The MENU_REJECTED event will send the payload with the following format:

{
  "store_id": "900109448"
}

Where store_id represents the id of the store in the rappi app.

PING


The PING event will send the payload with the following format:

{
  "store_id": 999
}

Where store_id represents the id of the store in the rappi app.

STORE_CONNECTIVITY


The STORE_CONNECTIVITY event will send the payload with the following format:

{
  "external_store_id": "999",
  "enabled": false,
  "message": "The Store is not enabled to operate"
}

Where external_store_id (String) represents the id of the store configurated on your side.

Where enabled (boolean) represents with a binary value of the store is available to operate or not.

Where message (String) represents a message informing if the store is available or not.

Security

Our Public API has signatures for the security of its webhooks using a hash-based message authentication code (HMAC) with SHA-256 (Secure Hash Algorithm 2). Each request has its own signature which will come in the header with the name of Rappi-Signature and will have the following format

t=123456,sign=d74b65c2e68c1a84a4d5843a69ef5faf1d82f28df2dd3723e8e0dad9c54abc79

Important

Headers described in this portal are NOT case-sensitive. To get more information check this Link

Validating Your Signature

You can validate the signature that come in the header following the steps below

Important

To validate the signature, you will need the secret of your webhook.

  1. Extract the timestamp and signatures from the header.

    1.1 Separate with a comma "," to create a list.

    1.2 Separate each element again with "=" to obtain t and a sign.

    • t: Is the timestamp from the request
    • sign: Is the signature

  2. Create the signed_payload string by concatenating:

    • The timestamp

    • The character .

    • The actual payload

      Example:

      123456.{ "message" : "this is an example" }

  3. Compute an HMAC with the SHA256 hash function. Use the secret as the key, and use the signed_payload string as the message to determine the expected signature.

  4. Compare the signature in the header with the expected signature.

You can now ensure that the information is valid.

Note

Make sure you are taking the payload string in the same format that it arrives in order to avoid any differences in the signature

Store Connectivity

Inform the configured url of the news about a store's availability change.

Behaviour

A POST will be sent to the url configurated in the webhook with the following format:

{
  "external_store_id": "999",
  "enabled": false,
  "message": "The Store is not enabled to operate"
}

Where external_store_id (String) represents the id of the store configurated on your side.

Where enabled (boolean) represents with a binary value of the store is available to operate or not.

Where message (String) represents a message informing if the store is available or not.