Webhooks

Setup webhooks

Webhooks are available from the following API endpoints: https://api.archilogic.com/v2/webhook

Before using webhooks, a destination endpoint must be set up which supports POST requests from the Archilogic domain.

Currently webhooks are supported for 2 resources: floor with available actions

type FloorAction = 'created' | 'updated' | 'published' | 'deleted' | 'archived' | 'unarchived'

and order with available actions

type OrderAction = 'created' | 'rejected' | 'completed'

Webhook payload example:

{
    "id": "aa366de5-c538-48ab-9dd4-2d205624d93e",
    "type": "event",
    "url": "https://webhook.site/179b5241-ab4f-42df-bdb4-7f3154c9177a",
    "resource": "floor",
    "action": "created",
    "createdAt": "2023-11-22T13:44:10.255Z",
    "data": {
      "id": "abaaea05-5070-4c77-bd6c-4f26c5b71340"
     }
}

Authentication

Archilogic secures webhook deliveries by including an HMAC signature in the x-archilogic-signature header of each request (note: only webhooks created after 9 Jan 2026). This allows you to verify that the request was sent by Archilogic and that its content has not been tampered with.

Verification process

The signingSecret required to validate the signature is provided in the webhook API response upon creation and can be retrieved via the GET webhook endpoint.

To verify a signature:

Retrieve the raw request body.
Compute the HMAC SHA256 hash of the body using your signingSecret.
Compare your computed hash against the value provided in the x-archilogic-signature header.

Implementation example (Node.js)

import crypto from 'crypto'

function verifySignature(payload: string, secret: string, signature: string): boolean {
  const expectedSignature = crypto.createHmac('sha256', secret).update(payload).digest('hex')

  return crypto.timingSafeEqual(Buffer.from(signature), Buffer.from(expectedSignature))
}

Rotating the signing secret

For enhanced security, the signingSecret can be rotated at any time. To generate a new secret, use the Update webhook endpoint and set the rotateSigningSecret property to true.

Create webhooks

Webhook objects must include the following required fields:

{
  active: boolean // webhook state
  action: WebhookActions // FloorAction | OrderAction
  resource: WebhookResources // 'floor' | 'order'
  url: string // format like 'https://{your_destination_url}'
}

Example:

const authorization = `Bearer ${secretToken}`
await fetch(`https://api.archilogic.com/v2/webhook`, {
  method: 'POST',
  headers: {
    'Content-Type': 'application/json',
    authorization
  },
  body: JSON.stringify({
    active: true,
    action: 'updated', // FloorAction | OrderAction
    resource: 'floor', // 'floor' | 'order'
    url: 'https://example.com'
  })
})

Check the Create webhook in the API reference for more details

Get all webhooks

Example:

const authorization = `Bearer ${secretToken}`
const webhooks = await fetch(`https://api.archilogic.com/v2/webhook`, {
  method: 'GET',
  headers: {
    'Content-Type': 'application/json',
    authorization
  }
})

Check the List webhooks in the API reference for more details

Get webhook by ID

Url path parameter :webhookId can be taken from the GET request.

const webhook = await fetch(`https://api.archilogic.com/v2/webhook/:webhookId`, {
  method: 'GET',
  headers: {
    'Content-Type': 'application/json',
    authorization
  }
})

Check the GET webhook in the API reference for more details

Update webhooks

Any of the webhook object's parameters could be passed to the request body.

Url path parameter :webhookId can be taken from the GET request.

Example:

const authorization = `Bearer ${secretToken}`
// Deactivate webhook
await fetch(`https://api.archilogic.com/v2/webhook/:webhookId`, {
  method: 'PATCH',
  headers: {
    'Content-Type': 'application/json',
    authorization
  },
  body: JSON.stringify({
    active: false
  })
})
// Change webhook destination url
await fetch(`https://api.archilogic.com/v2/webhook/:webhookId}`, {
  method: 'PATCH',
  headers: {
    'Content-Type': 'application/json',
    authorization
  },
  body: JSON.stringify({
    url: 'https://example1.com'
  })
})

Check the Update webhook in the API reference for more details

Delete webhooks

Url path parameter :webhookId can be taken from the GET request.

Example:

const authorization = `Bearer ${secretToken}`

await fetch(`https://api.archilogic.com/v2/webhook/:webhookId`, {
  method: 'DELETE',
  headers: {
    'Content-Type': 'application/json',
    authorization
  }
})

Check the Delete webhook in the API reference for more details

Webhooks ​

Setup webhooks ​

Authentication ​

Verification process ​

Implementation example (Node.js) ​

Rotating the signing secret ​

Create webhooks ​

Get all webhooks ​

Get webhook by ID ​

Update webhooks ​

Delete webhooks ​

Webhooks

Setup webhooks

Authentication

Verification process

Implementation example (Node.js)

Rotating the signing secret

Create webhooks

Get all webhooks

Get webhook by ID

Update webhooks

Delete webhooks