Webhooks are a powerful tool for integrating real-time notifications into your application. They allow your system to receive updates when specific events occur on Woodcore, without needing to poll for changes. This guide explains how webhooks work on Woodcore, how to use them, and recommened practices for handling events effectively.

Alloweds Events

There are just a few limitations with the type of events that can trigger a hook on Woodcore. Almsot all the POST event are webhook enabled and you have the flexiblity to turn it on or off, disable or enable the hook and event based on your specific requirements.

Event Data & Security

Some perculiar details are sent on the header and body of every event, they’re signed and also travel with the signature for client’s server validation. See example below; 
POST /your_hook_path HTTP/1.1
Content-Type: application/json
x-wc-signature: e90f7a24c9009a07f4b404d1f40eefd26dac062e64bbb65781e99b099f864073
x-wc-user-action: action
x-wc-instruction: do not use if signature does not match

{
    event: "taxes-group",
    status: 200,
    event_state: "event.success",
    reference: "FMCS5sEAshkvhiAyDtnA",
    data: {
        request: null,
        response: {
            date_format: "dd MMMM yyyy",
            locale: "en",
            name: "tax group 1",
            resourceId: 55,
            tax_components: [
                {
                    start_date: "11 April 2016",
                    tax_component_id: 7
                }
            ]
        }
    }
}
Here are some comon ways to sign and validate the event hook on your server - AI can also be helpful generating usefull samples for you based on the language you write. 
const signature = crypto
  .createHmac("sha256", api_key)
  .update(JSON.stringify(req.body))
  .digest("hex");
if (signature == req.headers["x-swim-token"]) {
  // Body is signed and valid. Goodluck
}