How webhooks work
Your server processes the event
Parse the payload, verify the signature, and execute your business logic.
Event types
| Event | Trigger |
|---|---|
order.created | Payment succeeds and order is created |
order.confirmed | Restaurant confirms the order |
order.ready | Order is ready for pickup or delivery |
order.completed | Order is fulfilled |
order.cancelled | Order is cancelled by restaurant or customer |
cart.abandoned | Cart has been inactive for the configured timeout |
Payload format
Every webhook delivery sends aPOST request with a JSON body:
Verify webhook signatures
Every webhook includes aX-Crave-Signature header containing an HMAC-SHA256 signature. Verify it to ensure the request came from Crave.
Retry policy
If your endpoint returns a non-2xx status or times out (10 seconds), Crave retries with exponential backoff:| Attempt | Delay |
|---|---|
| 1st retry | 30 seconds |
| 2nd retry | 2 minutes |
| 3rd retry | 15 minutes |
| 4th retry | 1 hour |
| 5th retry | 4 hours |
Idempotency
Webhook deliveries may arrive more than once. Use theid field to deduplicate:
Common use cases
Send an order confirmation email:Test webhooks locally
Use a tunnel service to expose your local server during development:Next steps
Testing
Test your webhook handlers with mock events.
Deployment
Deploy your storefront and configure production webhooks.