Callback Configuration API

The Callbacks API manages webhook subscriptions for real-time event notifications from MasonHub. Register callback URLs to receive immediate notifications when events occur in the system, enabling responsive integrations and real-time data synchronization.

All callback URLs must use HTTPS for security. Configure verification tokens for enhanced authentication.

Core Operations

Get Callback URLs

Retrieve configured webhook subscriptions and their status information.

message_type
string
default:
"all"

Filter by message type or “all” for all types

Query Parameters

ParameterTypeDescriptionDefault
message_typestringFilter by message type or “all""all”

Create Callback URLs

Register webhook endpoints for real-time event notifications.

url
string
required

HTTPS webhook endpoint URL

message_type
string
required

Event type to subscribe to (e.g., “skuInventoryChange”, “orderEvent”)

api_version
string
required

API version for callbacks (currently “1.0”)

token
string

Optional verification token for enhanced security

“message_type”: “orderEvent”, “status”: “active” } ] }

</CodeGroup>

### Delete Callback URLs

```http
DELETE /callbacks
Authorization: Bearer your_jwt_token
Content-Type: application/json

[
  "callback-uuid-123",
  "callback-uuid-456"
]

Available Event Types

Inventory Events

skuInventoryChange: Real-time inventory level updates

snapshotReady: Bulk inventory snapshot completion

Order Events

orderEvent: Order status changes and fulfillment

orderUpdateResolution: Update request results

orderCancelResolution: Cancel request results

Fulfillment Events

inboundShipmentEvent: Receiving status updates

shipmentEvent: Outbound shipping notifications

Returns & Quality

rmaEvent: Return merchandise authorization updates

qualityEvent: Quality control status changes

Security & Authentication

HTTPS Requirement

All callback URLs must use HTTPS. HTTP URLs will be rejected for security reasons.

Verification Tokens

Enhance security with verification tokens:

{
  "url": "https://api.clienturl.com/webhook",
  "message_type": "orderEvent",
  "token": "your_encrypted_verification_token"
}

Tokens are included in callback payloads for verification.

Request Headers

MasonHub callback requests include identifying headers:

POST /your-webhook-endpoint
User-Agent: MasonHub-Webhook/1.0
Content-Type: application/json
X-MasonHub-Event: orderEvent
X-MasonHub-Delivery: uuid-delivery-id

Callback Payload Format

All callbacks use a consistent structure:

Delivery Guarantees

Reliability Features

1

At-least-once Delivery

Events may be delivered multiple times - design idempotent handlers

2

Retry Logic

Failed deliveries are retried with exponential backoff

3

Timeout Handling

Requests timeout after 30 seconds

4

Error Logging

Delivery failures are logged for troubleshooting

Response Requirements

Your webhook endpoints must:

HTTP 200 Response

Return HTTP 200 status for successful processing

Quick Response

Respond within 30 seconds to avoid timeouts

Idempotent Processing

Handle duplicate events gracefully using message_id

Error Handling

Return appropriate HTTP status codes for different scenarios

Callback Management

Callback Holds

Temporarily suspend callback delivery when needed:

GET /callback_holds
Authorization: Bearer your_jwt_token

List current callback holds by message type.

Use Cases for Holds

Implementation Examples

Python Flask Webhook

Node.js Express Webhook

const express = require('express');
const crypto = require('crypto');

const app = express();
app.use(express.json());

// Middleware for webhook verification
function verifyWebhook(req, res, next) {
  const token = req.body.token;
  const expectedToken = process.env.MASONHUB_TOKEN;
  
  if (expectedToken && token !== expectedToken) {
    return res.status(401).send('Unauthorized');
  }
  
  next();
}

// Idempotency tracking
const processedMessages = new Set();

app.post('/webhook/masonhub', verifyWebhook, async (req, res) => {
  try {
    const { message_type, message_id, data } = req.body;
    
    // Check for duplicate
    if (processedMessages.has(message_id)) {
      return res.status(200).send('Already processed');
    }
    
    // Mark as processed
    processedMessages.add(message_id);
    
    // Process based on message type
    switch (message_type) {
      case 'skuInventoryChange':
        await handleInventoryChange(data);
        break;
      case 'orderEvent':
        await handleOrderEvent(data);
        break;
      default:
        console.warn(`Unknown message type: ${message_type}`);
    }
    
    res.status(200).send('OK');
    
  } catch (error) {
    console.error('Webhook error:', error);
    res.status(500).send('Error');
  }
});

Testing & Development

Sandbox Environment

Test callbacks in the sandbox environment:

Sandbox Base URL

https://sandbox.masonhub.co/{account}/api/v1/callbacks

All callback types available for testing

Test Event Generation

Use DataFactory to trigger test events and validate your webhook handlers

Development Tools

# Install ngrok
npm install -g ngrok

# Expose local server
ngrok http 3000

# Use the HTTPS URL for callback registration
# https://abc123.ngrok.io/webhook/masonhub

Monitoring & Troubleshooting

Common Issues

Monitoring Best Practices

Response Time Monitoring

Track webhook response times to ensure sub-30-second processing

Error Rate Tracking

Monitor HTTP error rates and implement alerting for failures

Queue Depth Monitoring

Track async processing queue depth if using background processing

Duplicate Detection

Monitor duplicate message rates to optimize idempotency handling

Best Practices

Security

  1. Use HTTPS Only: Never accept HTTP callback URLs
  2. Verify Tokens: Implement token verification for all callbacks
  3. Rate Limiting: Implement rate limiting on webhook endpoints
  4. Input Validation: Validate all incoming webhook data

Performance

  1. Quick Response: Return HTTP 200 within 30 seconds
  2. Async Processing: Queue heavy processing for background workers
  3. Idempotency: Handle duplicate events using message_id
  4. Error Handling: Return appropriate HTTP status codes

Reliability

  1. Monitoring: Implement comprehensive webhook monitoring
  2. Alerting: Set up alerts for webhook failures
  3. Logging: Log all webhook events for troubleshooting
  4. Testing: Regularly test webhook endpoints

Next Steps

After implementing callback configuration, explore:

Shipment TrackingDataFactory Testing