Spaaza provides webhooks which can post a standard JSON object to an external API endpoint. Webhooks are triggered by events in Spaaza and are commonly used to trigger another event in an external system - for example triggering an email to be sent when a customer receives a voucher.
Currently webhooks are configured manually by our team so please get in touch if you would like us to set one up for you.
We can configure a webhook URL that you provide. Whenever the receipt event occurs we send a simple POST request to the URL. The body of the POST is JSON that includes the object.
So that you can verify that the POST originates from Spaaza we provide a signature in a request header (X-Spaaza-Hmac-SHA256).
The value of the header is a base 64 encoded HMAC-SHA256 of the whole body of the request with a shared secret that we will provide. Your code to handle the event would need to recreate the signature using the shared secret and compare it to the value in the header.