Articles on: API & Webhooks

How to Use AfterShip Shipping Webhook?

A webhook lets an application share real-time information with other apps. Since data transfer happens instantly, the popularity of webhooks is increasing rapidly these days.

With AfterShip Shipping webhook, you can receive the push update when the API is made asynchronously. Here’s how you can enable it:

👨‍💻 How to setup the Webhooks

Go to your AfterShip Shipping account’s ‘Webhooks’ settings
Add webhook URL

👨‍💻 Webhook Signature

Check for AfterShip's base64-encoded HMAC generated signature to verify all incoming webhook events to avoid replay attacks.

Webhooks includes a calculated digital signature for verification. Each webhook request includes a am-webhook-signature header. The signature is a base64-encoded HMAC generated using sha256 algorithm with webhook request body and webhook secret of your account.

Each webhook request could be verified by comparing the computed HMAC digest and the attached HMAC digest in header.

The following Node.JS example demonstrates the computation of a webhook signature.

const crypto = require('crypto');
const WEBHOOK_SECRET = "...."; // your webhook secret

function generateSignature(webhookPayloadString) {
    return crypto
        .createHmac('sha256', WEBHOOK_SECRET)
        .update(webhookPayloadString, 'utf8', 'hex')

const webhookPayloadString = JSON.stringify(webhookPayload);  // your webhook payload

const sign = generateSignature(webhookPayloadString);
console.log('hmac-sha256=' + sign);  // should be equal to `am-webhook-signature` value

Webhook secret can be obtained by going to Settings > Webhooks

👨‍💻 Webhook Outgoing IPs

If your service restricts reception by public IPs, please add all the following IPs to the allow list.

It’s done with no hassle 🤟

Updated on: 23/11/2023

Was this article helpful?

Share your feedback


Thank you!