Webhooks
Subscribe to events and we'll POST them to your server in real time. Use webhooks to keep external systems in sync — analytics, fulfillment, accounting, CRMs.
How it works
- Register an HTTPS endpoint in Admin → Developers and pick which events to subscribe to.
- We POST a signed JSON payload to your URL each time a matching event occurs.
- Your endpoint should return
2xxwithin 10 seconds. Anything else is treated as a failure. - Failed deliveries are retried with exponential backoff:
1m → 5m → 30m → 2h → 6h → 24h. After 6 attempts, the delivery is abandoned. - After 10 consecutive failures, the webhook is automatically disabled.
Request format
Every delivery is a JSON POST with these headers:
httpPOST /your-endpoint HTTP/1.1 Content-Type: application/json User-Agent: Axisel-Webhooks/1.0 X-Axisel-Signature: sha256=<hex_hmac> X-Axisel-Topic: order.created X-Axisel-Delivery-Id: 7f3a9c1e-4b22-... X-Axisel-Webhook-Id: 67ed1234... { "id": "7f3a9c1e-4b22-...", "event": "order.created", "createdAt": "2026-05-21T14:32:00.000Z", "data": { /* full resource — same shape as the v1 API */ } }
ℹUse
X-Axisel-Delivery-Id to dedupe. We retry on failure, so the same event might arrive more than once if your handler is slow or temporarily unreachable.Verifying signatures
Always verify the X-Axisel-Signature header before processing the payload. See signature verification for code samples.
Best practices
- Respond
2xxas soon as you've persisted the event. Do heavy work asynchronously. - Dedupe on
X-Axisel-Delivery-Id. - Always verify the signature — never trust the payload alone.
- Use a stable, idempotent endpoint URL.
- Monitor delivery failures from the Developers tab in admin.
Limits
- Up to 10 webhook subscriptions per store.
- Up to 12 distinct event types per subscription (you can subscribe to all of them).
- Delivery payloads are capped at ~1MB.
- Delivery logs are kept for 30 days, then purged.