For Developers

Webhooks

Real-time notifications for payments, payouts, orders, and product updates via webhooks.

Overview

Webhooks allow your application to receive real-time notifications when events occur on ContentSellify. Instead of polling our API, webhooks push data to your endpoint automatically.

Base Webhook URL

https://api.contentsellify.com/webhooks

Event Types

💰 Payment Events

payment.completed- Customer payment processed successfully

payment.failed- Payment processing failed

payment.refunded- Payment refunded to customer

📦 Order Events

order.created- New order placed

order.completed- Order fulfilled and delivered

order.cancelled- Order cancelled by user or system

💸 Payout Events

payout.processing- Payout request initiated

payout.completed- Funds transferred to seller account

payout.failed- Payout failed (invalid bank details, etc.)

🛍️ Product Events

product.approved- Product approved and published

product.rejected- Product submission rejected

product.updated- Product changes approved and applied

Webhook Payload Structure

All webhook events follow this structure:

{
  "id": "evt_1234567890",
  "type": "payment.completed",
  "created_at": "2024-01-15T10:30:00Z",
  "data": {
    "order_id": "ord_abc123",
    "amount": 4999,
   "currency": "usd",
    "customer": {
      "id": "cus_xyz789",
      "email": "customer@example.com"
    },
    "product": {
      "id": "prod_456",
      "title": "React Master Course",
      "seller_id": "sel_def456"
    }
  }
}

Setup Webhooks

1
Go to Dashboard → API Settings → Webhooks
2
Click Create Webhook Endpoint
3
Enter your endpoint URL (must be HTTPS)
Example: https://yourapp.com/api/webhooks
4
Select which events you want to receive
5
Save your Signing Secret - you'll need this to verify webhooks

Verify Webhook Signature

Always verify webhook signatures to ensure requests come from ContentSellify:

const crypto = require('crypto');

function verifyWebhookSignature(payload, signature, secret) {
  const hash = crypto
    .createHmac('sha256', secret)
    .update(JSON.stringify(payload))
    .digest('hex');
    
  return crypto.timingSafeEqual(
    Buffer.from(signature),
    Buffer.from(hash)
  );
}

// Example usage in Express.js
app.post('/webhooks', (req, res) => {
  const signature = req.headers['x-webhook-signature'];
  const isValid = verifyWebhookSignature(
    req.body,
    signature,
    process.env.WEBHOOK_SECRET
  );
  
  if (!isValid) {
    return res.status(401).json({ error: 'Invalid signature' });
  }
  
  // Process webhook event
  const { type, data } = req.body;
  
  switch (type) {
    case 'payment.completed':
      handlePaymentCompleted(data);
      break;
    case 'order.created':
      handleOrderCreated(data);
      break;
    // ... handle other events
  }
  
  res.status(200).json({ received: true });
});

Best Practices

⚡ Respond Quickly

Return a 200 OK response within 5 seconds. Process heavy tasks asynchronously in the background.

🔄 Handle Retries

We retry failed webhooks up to 3 times with exponential backoff. Make your endpoint idempotent to handle duplicate events.

🔒 Always Verify Signatures

Never trust webhook payloads without verifying the signature. This prevents attackers from sending fake events.

📝 Log All Events

Keep detailed logs of received webhooks for debugging and audit trails.

Testing Webhooks

Test webhooks using our CLI or dashboard:

# Install ContentSellify CLI
npm install -g @contentsellify/cli

# Forward webhooks to local development server
contentsellify webhooks listen --forward-to http://localhost:3000/api/webhooks

# Send test webhook
contentsellify webhooks test --event payment.completed

💡Tip: Use tools like ngrok to expose your local server for webhook testing during development.