Webhooks
For engineers subscribing to Zellify funnel events. You'll have a consistent mental model for verifying, parsing, and handling retries. You need an HTTPS endpoint and the ability to verify HMAC-SHA256 signatures.
What Zellify sends#
Zellify ships one outbound webhook today: Registration. It fires when a funnel visitor submits their email at the registration step and clicks the button to advance.
Payment webhooks are not sent by Zellify. They are sent by Stripe, Paddle, or Solidgate to your endpoint. Zellify just ensures the metadata is right. See Payment events.
Delivery guarantees#
- Transport: HTTPS POST,
Content-Type: application/json. - Retry policy: non-2xx responses and timeouts are retried with exponential backoff.
- Ordering: not guaranteed. Design handlers to be idempotent on
app_user_id.
At-least-once delivery: A single registration can arrive more than once. Handlers must be idempotent. The
app_user_id on the payload is the correct idempotency key.Signature verification pattern#
Every Zellify webhook delivers a signature header. The signature is HMAC-SHA256 of the raw request body, keyed with the secret you copied from your dashboard. Verify before parsing.