Prerequisites
You need:- A Terminal49 API key from the developer portal.
- A public HTTPS endpoint that accepts
POSTrequests. - A list of events your integration should receive.
- A place to store the webhook secret securely.
Create the webhook
You can create a webhook from the dashboard or API. To use the dashboard, open Developer Webhooks and click Create Webhook Endpoint. To use the API:Store the webhook secret
The webhook response includes asecret attribute. Store it in your secrets manager.
Terminal49 signs every webhook delivery with an HMAC SHA-256 digest of the raw request body. The digest is sent in the X-T49-Webhook-Signature header.
Verify the signature
Verify the signature before parsing or trusting the JSON body.Allowlist Terminal49 webhook IPs
Fetch the current source IP list from the List Webhook IPs endpoint and allowlist those addresses in your firewall or application. Cache the list and refresh it periodically. Do not rely on a hard-coded list in application code.Accept the notification
Your endpoint should return200, 201, 202, or 204 after it safely accepts the event. Any other response, including a timeout, triggers retries.
Terminal49 retries failed deliveries up to 12 times before marking the notification as failed.
Handle duplicate deliveries
Retries can deliver the same notification more than once. Usedata.id as the idempotency key for your processing log.
Monitor failed notifications
Use the Webhook Notifications API to review recent deliveries and spot the ones markeddelivery_status: failed:
Related
- Why Webhooks - conceptual overview
- Event Catalog - canonical event names
- Webhook Payloads - payload envelope and included resources
- Webhook Best Practices - reliability checklist
- Create a Webhook API Reference - request and response fields