Webhooks overview

Affonso sends signed HTTP POST requests when events occur (affiliates, referrals, commissions, sales, payouts, coupons). This page covers setup, security, retries, and testing. For event-specific payloads, see the dedicated pages (e.g., Affiliate events).

Setup

1. Create an endpoint in App → Affiliate Program → Webhooks.
2. Choose allowed events, copy the secret, and configure it in your receiver.
3. Respond with HTTP 2xx within 10s.

Retries and replay

• Exponential backoff (~48 hours total).
• 2xx = success; anything else is retried.
• Failed deliveries can be replayed from the webhook dashboard (non-success deliveries).

Testing checklist

1. Create a webhook endpoint in App → Affiliate Program → Webhooks.
2. Copy the secret and set it in your receiver.
3. Respond with 200 and a short body (e.g., {"ok":true}) within 10s.
4. Trigger an event (e.g., invite an affiliate or complete onboarding).
5. Check deliveries; use “Replay” if needed.

Event catalogs

• Affiliate events: see Affiliate webhook events (payload fields, examples).
• Weitere Events (Referrals, Commissions, Sales, Payouts, Coupons) folgen in separaten Seiten.

IP allowlisting

Prefer signature verification. Affonso sends from dynamic IPs.

Security

Every request is signed with HMAC-SHA256.

Headers:

• X-Affonso-Timestamp: Unix timestamp (seconds)
• X-Affonso-Signature: sha256(secret, "{timestamp}.{rawBody}")