Skip to main content

Register Webhook Endpoint

POST 

/api/v1/enterprise/eudr/webhooks

Registers an enterprise URL to receive asynchronous compliance events like shipment.linked and polygon.verified. Webhook payloads are cryptographically signed using HMAC-SHA256 with the generated signing secret, and sent in the 'X-AgriBackup-Signature' header for verification.

To verify webhook authenticity:

  1. Extract the raw POST request body bytes/string.
  2. Extract the signature value from the 'X-AgriBackup-Signature' HTTP header.
  3. Calculate the HMAC-SHA256 hash of the raw body using the registered signing secret.
  4. Hex-encode the calculated hash.
  5. Perform a constant-time comparison between the hex-encoded hash and the header signature to avoid timing attacks.

Request

Responses

Webhook successfully registered

Response Headers
    X-RateLimit-Remaining

    The number of requests remaining in the current rate limit window.

    X-RateLimit-Reset

    The time at which the current rate limit window resets in UTC epoch seconds.

    X-RateLimit-Limit

    The maximum number of requests you're permitted to make per hour.

    X-Trace-Id

    Unique request trace identifier

Callbacks

POST 

{$request.body#/targetUrl}

Fired when a batch shipment is successfully anchored.

Callbacks Responses

Successfully processed by enterprise