In addition to standard SFTP data exports, the Thanx platform supports a variety of webhooks. These webhooks allow for integrating platforms to respond in realtime to changes to data resources in the Thanx platform.

If you are an existing integration partner, please reach out to our team at developer.support@thanx.com to have webhooks enabled.

Requirements

Webhook endpoints must be valid HTTPS URLs. Requests will be sent as POST requests and expect the receiving servers to respond to requests within 15 seconds.

By default, webhooks are not configured to retry if the receiving server responds with an error. Any missed data can be collected via bulk data transfer mechanisms.

Verification

To verify the authenticity of webhook requests, each webhook request includes a X-Thanx-Signature header that can be used to verify that the webhook was initiated by the Thanx platform. The X-Thanx-Signature is a hex-encoded HMAC-SHA256 signature of the request payload, using a webhook secret that can be provided by the Thanx team.

Example Verification:

require 'json'
require 'openssl'

# value of the `X-Thanx-Signature` request header
signature = '425bf0e847d0647d6e3449c7c1cddadc2095a98c954a7549da0d01c417b833fd'
# webhook secret provided by Thanx
secret = 'f19ce124-48e4-45fb-b39b-4f9e3e1d4b1b'
# webhook request payload body
payload = {
  "purchase": {
    "id": "bd4163e4ea5e168431fdc4b8d1ea061f",
    "amount": "7.76",
    "purchased_at": "2024-03-26T21:38:36.000Z",
    "event": "create",
    "user": {
      "id": "675c038cfc5f43591718936c18080855",
      "email": "example@thanx.com",
      "first_name": "Thanx",
      "last_name": "Example"
    },
    "merchant": {
      "id": "a91f75a0dc2cc54a62ad8a1a05b9fa6b",
      "name": "Thanx Restaurant"
    },
    "location": {
    },
    "order": {
    },
    "products": [
      "Latte"
    ]
  }
}.to_json

# the following will return true
OpenSSL::HMAC.hexdigest('sha256', secret, payload) == signature