How to Use AfterShip Shipping Webhook?
A webhook lets an application share real-time information with other apps. Since data transfer happens instantly, the popularity of webhooks is increasing rapidly these days.
With AfterShip Shipping webhook, you can receive the push update when the API is made asynchronously. Here’s how you can enable it:
Go to your AfterShip Shipping account’s ‘Webhooks’ settings
Add webhook URL
Check for AfterShip's base64-encoded HMAC generated signature to verify all incoming webhook events to avoid replay attacks.
Webhooks includes a calculated digital signature for verification. Each webhook request includes a am-webhook-signature header. The signature is a base64-encoded HMAC generated using sha256 algorithm with webhook request body and webhook secret of your account.
Each webhook request could be verified by comparing the computed HMAC digest and the attached HMAC digest in header.
The following Node.JS example demonstrates the computation of a webhook signature.
Webhook secret can be obtained by going to Settings > Webhooks
If your service restricts reception by public IPs, please add all the following IPs to the allow list.
It’s done with no hassle 🤟
With AfterShip Shipping webhook, you can receive the push update when the API is made asynchronously. Here’s how you can enable it:
👨💻 How to setup the Webhooks
Go to your AfterShip Shipping account’s ‘Webhooks’ settings
Add webhook URL
👨💻 Webhook Signature
Check for AfterShip's base64-encoded HMAC generated signature to verify all incoming webhook events to avoid replay attacks.
Webhooks includes a calculated digital signature for verification. Each webhook request includes a am-webhook-signature header. The signature is a base64-encoded HMAC generated using sha256 algorithm with webhook request body and webhook secret of your account.
Each webhook request could be verified by comparing the computed HMAC digest and the attached HMAC digest in header.
The following Node.JS example demonstrates the computation of a webhook signature.
const crypto = require('crypto');
const WEBHOOK_SECRET = "...."; // your webhook secret
function generateSignature(webhookPayloadString) {
return crypto
.createHmac('sha256', WEBHOOK_SECRET)
.update(webhookPayloadString, 'utf8', 'hex')
.digest('base64');
}
const webhookPayloadString = JSON.stringify(webhookPayload); // your webhook payload
const sign = generateSignature(webhookPayloadString);
console.log('hmac-sha256=' + sign); // should be equal to `am-webhook-signature` valueWebhook secret can be obtained by going to Settings > Webhooks
👨💻 Webhook Outgoing IPs
If your service restricts reception by public IPs, please add all the following IPs to the allow list.
104.154.18.15
34.122.118.39
34.70.29.163
34.70.81.106
34.72.178.234It’s done with no hassle 🤟
Updated on: 23/11/2023
Thank you!