Webhooks basics

Webhooks are a way to notify your application when an event occurs, such as a new order. They allow for a deeper e-commerce integration of your shopping car with other systems.

Snipcart will send you a POST to a URL that you can provide in the dashboard.

If you're not familiar with webhooks, consider reading this post first.

Configure webhook URL

To configure this setting, first log into the Snipcart dashboard and head to Store configurations → Webhooks.

The URL you provide must be an absolute URL.

We present examples on how to consume Webhook requests further down this entry.

Secure your Webhook endpoint

If your data is protected and you want to make sure the request is coming from Snipcart, you can use the X-Snipcart-RequestToken header. We add this header to each request made to an external website. This is also true for webhooks requests. You can then use this token and call back our API—think of it as a handshake.

The endpoint you'll need to call is: https://app.snipcart.com/api/requestvalidation/{token}.

Here's an example in PHP:

protected function validateRequest($data)
        throw new Exception('Invalid request: no request token');
    $g = new Gateway();
    $g->init('https://app.snipcart.com/api/requestvalidation/' . $requestToken);
    $g->setopt('GET', 1);
    $g->setopt(CURLOPT_USERPWD, eventSnipcart::SNIPCART_API_KEY . ':');
    $g->setopt('HTTPHEADER', array('Accept: application/json'));
    $response = $g->exec();
    $status = $g->getInfoLast();

    if (empty($response) || $status['http_code'] != 200) {
        throw new Exception('Invalid request: no response');

    $response = @json_decode($response);
    if (!$response) {
        throw new Exception('Invalid request: response not json');
    if ($response->token !== $requestToken) {
        throw new Exception('Invalid request: invalid token');
    return true;

Another example in C#:

private bool RequestIsValid(HttpRequestBase request)
    var requestToken = Request.Headers["X-Snipcart-RequestToken"];

    if (requestToken == null)
        return false;

    var client = new HttpClient();
    client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Basic", "SECRET_API_KEY:".ToBase64());
    client.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));

    var response = client.GetAsync("https://app.snipcart.com/api/requestvalidation/" + requestToken).Result;

    var content = response.Content.ReadAsStringAsync().Result;
    var json = JsonConvert.DeserializeObject<ValidationToken>(content);

    if (!json.Resource.EndsWith("webhooks/receive") ||
        string.IsNullOrWhiteSpace(json.Token) ||
        !json.Token.Equals(requestToken, StringComparison.InvariantCultureIgnoreCase))
        return false;

    return response.IsSuccessStatusCode;

public class ValidationToken
    public string Token { get; set; }
    public string Resource { get; set; }