Webhooks
Webhooks let your application receive real-time notifications when events occur in Products Manager — such as a product being updated or an import completing.
Event types
| Event | Description |
|---|---|
product.created | A new product was added to the catalog |
product.updated | A product's data was modified |
product.deleted | A product was removed |
import.completed | An import job finished successfully |
import.failed | An import job encountered errors |
export.completed | An export file is ready for download |
connector.sync_completed | A connector sync finished |
price_alert.triggered | A price monitoring alert was triggered |
Registering a webhook
Create a webhook endpoint via the API or the UI under Settings → Webhooks:
Create webhook
POST
/webhookscurl -X POST https://api.productsmanager.app/api/v1/webhooks \
-H "Authorization: Bearer {api_key}" \
-H "Content-Type: application/json" \
-d '{
"url": "https://yourapp.com/webhooks/pm",
"events": ["product.updated", "import.completed"],
"secret": "your_signing_secret"
}'
Webhook payload
Each webhook POST request contains a JSON body:
Webhook payload example
{
"id": "evt_01HQ...",
"event": "product.updated",
"timestamp": "2024-03-15T10:30:00Z",
"data": {
"ean": "3760000000001",
"title": "Produit exemple",
"updated_fields": ["price", "stock"]
}
}
Verifying signatures
Every webhook request includes an X-PM-Signature header — an HMAC-SHA256 signature of the raw request body, using your webhook secret.
Verify signature (Python)
import hmac
import hashlib
def verify_signature(payload: bytes, signature: str, secret: str) -> bool:
expected = hmac.new(
secret.encode(),
payload,
hashlib.sha256
).hexdigest()
return hmac.compare_digest(f"sha256={expected}", signature)
Verify signature (Node.js)
const crypto = require('crypto')
function verifySignature(payload, signature, secret) {
const expected = crypto
.createHmac('sha256', secret)
.update(payload)
.digest('hex')
return crypto.timingSafeEqual(
Buffer.from(`sha256=${expected}`),
Buffer.from(signature)
)
}
Always verify the signature before processing a webhook payload. Reject requests where the signature does not match.
Retry policy
If your endpoint returns a non-2xx status code, Products Manager will retry delivery with exponential backoff:
| Attempt | Delay |
|---|---|
| 1st retry | 30 seconds |
| 2nd retry | 5 minutes |
| 3rd retry | 30 minutes |
| 4th retry | 2 hours |
| 5th retry | 8 hours |
After 5 failed attempts, the event is marked as undeliverable.