Webhooks β
Use Wrenoβs webhooks to provide real-time updates about events occurring within your Wreno account.
When building Wreno integrations, you may want your application to react to events the moment they happen β like when a vendor is updated, a compliance status changes, or a document is submitted. Webhooks allow you to do just that, enabling your backend to execute actions in response to those events.
Wreno uses the Standard Webhooks specification and delivers events to your server over HTTPS via POST requests with a JSON payload.
π§ Webhook Setup β
Identify the Events You Want to Monitor
Review the Wreno API reference to find events marked with theWEBHOOKtag, such as:vendor.updatevendor.compliance.updatevendor.documents.update- See the full list of supported events
Create a Webhook Endpoint
See the Webhook Endpoint Requirements section for details on how to create a webhook endpoint that can receive and process incoming requests.
Register Your Endpoint
Contact our team at support@wreno.io to:- Register your webhook URL
- Share your desired event subscriptions
- Receive your webhook secret for signature validation
- Complete integration testing
π Webhook Endpoint Requirements β
Your endpoint must:
- Be publicly accessible via HTTPS
- Handle raw
POSTrequests withContent-Type: application/json - Respond within 10 seconds
- Return a 2xx status code for successful handling
WARNING
β οΈ Delayed or failed responses (non-2xx codes or timeouts) will result in retries with exponential backoff. This may lead to duplicate events if your endpoint is not idempotent.
π Supported Webhook Events β
| Event Name | Trigger |
|---|---|
vendor.update | A vendor's account is updated. |
vendor.compliance.update | A vendor's compliance status changes. |
vendor.document.submitted | A vendor submits documents. |
vendor.document.update | A vendor's document is reviewed/verified. |
vision.created | A vision task is queued for processing. |
vision.updated | A vision task is being processed and has an update. |
vision.completed | A vision task is completed. |
vision.failed | A vision task encounters an error during processing. |
verification.created | A verification task is queued for processing. |
verification.updated | A verification task is being processed and has an update. |
verification.completed | A verification task is completed. |
verification.failed | A verification task encounters an error during processing. |
π Retry Policy β
If a webhook delivery fails, Wreno will retry the delivery using exponential backoff, starting at 2 seconds between attempts and backing off exponentially up to 10 attempts total.
INFO
The retry policy is designed to ensure reliable delivery of events while minimizing the impact on your server. However, it is essential to implement idempotency in your webhook handler to avoid processing the same event multiple times.
π Signature Verification β
Each webhook request from Wreno includes two HTTP headers for validating authenticity:
| Header | Description |
|---|---|
webhook-id | A unique identifier for the webhook event |
webhook-timestamp | A UNIX timestamp in seconds when the message was sent |
webhook-signature | A HMAC-SHA256 signature using your webhook secret key |
TIP
We strongly recommend validating every incoming webhook using this signature to ensure it was sent by Wreno.
Example Code (Typescript) β
import { createHmac } from "crypto";
const secretKey = "your_secret_key";
function validateWrenoSignature(
secret: string,
expectedSignature: string,
webhookId: string,
timestamp: string,
payload: string | Buffer
): boolean {
const signatureString = `${webhookId}.${timestamp}.${payload}`;
const secretBytes = Buffer.from(secret.split("_")[1], "base64");
const signature = createHmac("sha256", secretBytes)
.update(signatureString)
.digest("base64");
return signature === expectedSignature;
}