Axisel / docs
Manage keys← Back to Axisel

Webhooks

Subscribe to events and we'll POST them to your server in real time. Use webhooks to keep external systems in sync — analytics, fulfillment, accounting, CRMs.

How it works

  1. Register an HTTPS endpoint in Admin → Developers and pick which events to subscribe to.
  2. We POST a signed JSON payload to your URL each time a matching event occurs.
  3. Your endpoint should return 2xx within 10 seconds. Anything else is treated as a failure.
  4. Failed deliveries are retried with exponential backoff: 1m → 5m → 30m → 2h → 6h → 24h. After 6 attempts, the delivery is abandoned.
  5. After 10 consecutive failures, the webhook is automatically disabled.

Request format

Every delivery is a JSON POST with these headers:

http
POST /your-endpoint HTTP/1.1 Content-Type: application/json User-Agent: Axisel-Webhooks/1.0 X-Axisel-Signature: sha256=<hex_hmac> X-Axisel-Topic: order.created X-Axisel-Delivery-Id: 7f3a9c1e-4b22-... X-Axisel-Webhook-Id: 67ed1234... { "id": "7f3a9c1e-4b22-...", "event": "order.created", "createdAt": "2026-05-21T14:32:00.000Z", "data": { /* full resource — same shape as the v1 API */ } }
Use X-Axisel-Delivery-Id to dedupe. We retry on failure, so the same event might arrive more than once if your handler is slow or temporarily unreachable.

Verifying signatures

Always verify the X-Axisel-Signature header before processing the payload. See signature verification for code samples.

Best practices

  • Respond 2xx as soon as you've persisted the event. Do heavy work asynchronously.
  • Dedupe on X-Axisel-Delivery-Id.
  • Always verify the signature — never trust the payload alone.
  • Use a stable, idempotent endpoint URL.
  • Monitor delivery failures from the Developers tab in admin.

Limits

  • Up to 10 webhook subscriptions per store.
  • Up to 12 distinct event types per subscription (you can subscribe to all of them).
  • Delivery payloads are capped at ~1MB.
  • Delivery logs are kept for 30 days, then purged.