Webhook Events
You can set webhooks through API that enable you to receive notifications about events that happen in your stores.
These are the events available to retrieve with webhooks:
NEW_ORDER
: New ordersORDER_EVENT_CANCEL
: Order cancellation events. See Cancellation EventsORDER_OTHER_EVENT
: Order events. See Order EventsMENU_APPROVED
: Menu approval events.MENU_REJECTED
: Menu rejection events.PING
: This event enables the health check procedureSTORE_CONNECTIVITY
: This event enables the store connectivity information process. (When the store is available or unavailable to operate)
Use the endpoints of the Webhooks resource to register and test webhooks in your stores.
Important
If you want to check the IP's from where the information is sent, you should ask your Project Manager
Webhook event payloads
NEW_ORDER
The NEW_ORDER
event is going to send the same information that we can get from the getOrders endpoint for the order that fires the event. We can find more information about the body at the API reference
ORDER_EVENT_CANCEL
The ORDER_EVENT_CANCEL
event will send the payload with the following format:
{ "event": "canceled_with_charge", "order_id": "106", "store_id": "900109448" }
Where event represents the name of the cancelled event.
Where order_id represents the id of the order.
Where store_id represents the id of the store in the rappi app.
ORDER_OTHER_EVENT
The ORDER_OTHER_EVENT
event will send the payload with the following format:
{ "event": "taken_visible_order", "order_id": "109", "store_id": "900109448" }
Where event represents the name of the event.
Where order_id represents the id of the order.
Where store_id represents the id of the store in the rappi app.
MENU_APPROVED
The MENU_APPROVED
event will send the payload with the following format:
{ "store_id": "900109448", "message": "Menu Approved" }
Where store_id represents the id of the store in the rappi app.
Where message is the menu approval message.
MENU_REJECTED
The MENU_REJECTED
event will send the payload with the following format:
{ "store_id": "900109448" }
Where store_id represents the id of the store in the rappi app.
PING
The PING
event will send the payload with the following format:
{ "store_id": 999 }
Where store_id represents the id of the store in the rappi app.
STORE_CONNECTIVITY
The STORE_CONNECTIVITY
event will send the payload with the following format:
{ "external_store_id": "999", "enabled": false, "message": "The Store is not enabled to operate" }
Where external_store_id (String) represents the id of the store configurated on your side.
Where enabled (boolean) represents with a binary value of the store is available to operate or not.
Where message (String) represents a message informing if the store is available or not.
Security
Our Public API has signatures for the security of its webhooks using a hash-based message authentication code (HMAC) with SHA-256 (Secure Hash Algorithm 2). Each request has its own signature which will come in the header with the name of Rappi-Signature and will have the following format
t=123456,sign=d74b65c2e68c1a84a4d5843a69ef5faf1d82f28df2dd3723e8e0dad9c54abc79
Important
Headers described in this portal are NOT case-sensitive. To get more information check this Link
Validating Your Signature
You can validate the signature that come in the header following the steps below
Important
To validate the signature, you will need the secret
of your webhook.
-
Extract the timestamp and signatures from the header.
1.1 Separate with a comma "," to create a list.
1.2 Separate each element again with "=" to obtain
t
and asign
.t
: Is the timestamp from the requestsign
: Is the signature
-
Create the
signed_payload
string by concatenating:-
The timestamp
-
The character
.
-
The actual payload
Example:
123456.{ "message" : "this is an example" }
-
-
Compute an HMAC with the SHA256 hash function. Use the secret as the key, and use the
signed_payload
string as the message to determine the expected signature. -
Compare the signature in the header with the expected signature.
You can now ensure that the information is valid.
Note
Make sure you are taking the payload string in the same format that it arrives in order to avoid any differences in the signature
Store Connectivity
Inform the configured url of the news about a store's availability change.
Behaviour
A POST
will be sent to the url configurated in the webhook with the following format:
{ "external_store_id": "999", "enabled": false, "message": "The Store is not enabled to operate" }
Where external_store_id (String) represents the id of the store configurated on your side.
Where enabled (boolean) represents with a binary value of the store is available to operate or not.
Where message (String) represents a message informing if the store is available or not.