Skip to main content

2. Registration & Webhooks

The following methods are available via the AgriBackup SDK for this integration stage.

List Active Webhook Subscriptions

Retrieves all active webhook registrations registered for this organization. Cryptographic signing secrets are redacted for security.

import { AgriBackupClient } from 'agribackup';

const client = new AgriBackupClient('sk_live_...');
const response = await client.webhooks.getWebhooks(/* args */);
console.log(response.data);

Register Webhook Endpoint

Registers an enterprise URL to receive asynchronous compliance events like shipment.linked and polygon.verified. Webhook payloads are cryptographically signed using HMAC-SHA256 with the generated signing secret, and sent in the 'X-AgriBackup-Signature' header for verification.

To verify webhook authenticity:

  1. Extract the raw POST request body bytes/string.
  2. Extract the signature value from the 'X-AgriBackup-Signature' HTTP header.
  3. Calculate the HMAC-SHA256 hash of the raw body using the registered signing secret.
  4. Hex-encode the calculated hash.
  5. Perform a constant-time comparison between the hex-encoded hash and the header signature to avoid timing attacks.
import { AgriBackupClient } from 'agribackup';

const client = new AgriBackupClient('sk_live_...');
const response = await client.webhooks.registerWebhook(/* args */);
console.log(response.data);

Rotate Webhook Secret

Regenerates and returns a new HMAC-SHA256 signing secret for the specified webhook subscription.

import { AgriBackupClient } from 'agribackup';

const client = new AgriBackupClient('sk_live_...');
const response = await client.webhooks.rotateSecret(/* args */);
console.log(response.data);

Webhook Cryptographic Handshake (Ping)

Dispatches a mock 'webhook.ping' event to the registered URL using the configured signing secret. This allows enterprise infosec teams to validate their HMAC-SHA256 signature verification algorithms in isolation without triggering a live data ingestion.

import { AgriBackupClient } from 'agribackup';

const client = new AgriBackupClient('sk_live_...');
const response = await client.webhooks.pingWebhook(/* args */);
console.log(response.data);

Replay a DLQ message to the primary exchange

import { AgriBackupClient } from 'agribackup';

const client = new AgriBackupClient('sk_live_...');
const response = await client.webhooks.replayDlqMessage(/* args */);
console.log(response.data);

Replay multiple DLQ messages to the primary exchange

import { AgriBackupClient } from 'agribackup';

const client = new AgriBackupClient('sk_live_...');
const response = await client.webhooks.replayBulkDlqMessages(/* args */);
console.log(response.data);

Receive TRACES NT Clearance Webhook

import { AgriBackupClient } from 'agribackup';

const client = new AgriBackupClient('sk_live_...');
const response = await client.api.handleClearanceWebhook(/* args */);
console.log(response.data);

Retrieve permanently failed webhook payloads

Pulls failed webhook payloads from the Dead-Letter Queue (DLQ). These are messages that exhausted their retry limits.

import { AgriBackupClient } from 'agribackup';

const client = new AgriBackupClient('sk_live_...');
const response = await client.webhooks.getDlqMessages(/* args */);
console.log(response.data);

Delete a Webhook Registration

import { AgriBackupClient } from 'agribackup';

const client = new AgriBackupClient('sk_live_...');
const response = await client.webhooks.deleteWebhook(/* args */);
console.log(response.data);

Acknowledge and delete a DLQ message

import { AgriBackupClient } from 'agribackup';

const client = new AgriBackupClient('sk_live_...');
const response = await client.webhooks.deleteDlqMessage(/* args */);
console.log(response.data);

Acknowledge and delete multiple DLQ messages

import { AgriBackupClient } from 'agribackup';

const client = new AgriBackupClient('sk_live_...');
const response = await client.webhooks.deleteBulkDlqMessages(/* args */);
console.log(response.data);