Requirements
Webhook endpoints must be valid HTTPS URLs. Requests will be sent asPOST
requests and expect the receiving servers to respond to requests within 15
seconds.
By default, webhooks are not configured to retry if the receiving server
responds with an error. Any missed data can be collected via bulk data
transfer mechanisms.
Query Parameters
When configuring a webhook endpoint, query parameters may be appended to the URL. These parameters will be included with every webhook request. Example: https://example.com/webhook?client_id=abc123&env=sandbox In this example, Thanx will send eachPOST
request to the exact URL above,
including the query parameters.
Notes
- Query parameters are static and defined at the time the webhook URL is registered.
- They are not modified or validated by Thanx.
- Sensitive values should not be placed in query parameters.
Verification
To verify the authenticity of webhook requests, each webhook request includes aX-Thanx-Signature
header that can be used to verify that the webhook was
initiated by the Thanx platform. The X-Thanx-Signature
is a hex-encoded
HMAC-SHA256
signature of the request payload, using a webhook secret that can
be provided by the Thanx team.
Example Verification: