1. Can you provide an example of how to use a webhook?
By setting up webhooks and testing them, you can automate actions based on the events occurring in your Buy Me a Coffee account. To set up a webhook, follow these steps:
Please copy and paste this URL: https://www.buymeacoffee.com/webhooks, or click on it.
Click on the "Create New Webhook" button.
Add your webhook URL and select the events for which you want to receive notifications. You can choose multiple events if needed.
Once you've configured the webhook, click the "Create" button. Your webhook is now created and active.
You can click on the webhook to edit it further or perform testing. If you want to create another webhook, click the "Create New Webhook" button and follow the same steps.
To send a test, click on the "Send Test" button.
Choose the event for which you want to perform the test.
After seeing the Test request preview, hit the "Send Test" button to complete the test. You'll then see the Test request preview results.
2. What is the header that contains the verification token for webhooks?
The header containing the webhook verification token is called "x-signature-sha256." This header holds the webhook signature, which is used to verify the authenticity and integrity of the webhook payload during transmission.
3. What all events are included in the webhooks?
You can set up event notifications for various actions on your platform, including one-time support transactions and refunds, purchases and refunds of extras, every commission ordered and refunded, as well as refunds made on contributions. Additionally, you can receive notifications when a new membership subscription is created, when the membership level is updated, or when a subscription is cancelled. These event notifications will be sent to your specified webhook endpoints, allowing you to process and respond to these actions efficiently within your application.
4. In webhooks for memberships, where can I find information about the membership "level"?
In webhooks for memberships, you can find information about the membership "level" in the membership object. This object contains fields such as membership_level_id and membership_level_name. These fields hold the relevant details about the specific membership level associated with the webhook event.
5. How do we validate the X-BMC signature, and where can we find a way to validate the webhook request?
Validating the X-BMC-Signature header in a webhook request is essential to ensure that the data received is genuine and hasn't been tampered with. Buy Me a Coffee generates this signature using your webhook's secret key and the request payload. To validate it, follow these steps:
Get your webhook secret key from your webhook configuration.
When a webhook request arrives at your server, extract the X-BMC-Signature header from the incoming HTTP request.
Recreate the signature locally by using the algorithm HMAC-SHA256 and webhook secret key to hash the request payload. Make sure to use the exact same payload as in the original webhook request.
Compare the locally generated signature with the value from the X-BMC-Signature header. If they match, the webhook request is authentic, and you can confidently process the data. If they don't match, reject the request as it might be altered or come from an unauthorized source.
6. I can successfully send and receive test webhooks, but why are purchase webhooks not reaching me anymore?
This could potentially be a bug that needs to be addressed. In such cases, don't hesitate to inform us by sending a message to [email protected]. We are here to assist you and ensure a smooth experience with our webhook functionality.