Skip to main content
Sendcloud is able to actively communicate updates in a parcel (such as updates in the delivery status) to your application using webhooks. You should specify an JSON API endpoint in which Sendcloud will make requests to, whenever a change occurs. You can set this using the webhook_url field in your integration settings in Sendcloud. To verify a request is coming from Sendcloud, Sendcloud signs each request that we send to your endpoint using a HMAC signature (Hash-based Message Authentication Code) with SHA256 algorithm and the Secret Key or the Webhook Signature Key as secret, depending on your integration type. For your store to validate that the webhook is coming from us, you should hash the message received from us using your secret and compare against the Sendcloud-Signature header received from us. 
<?php
// From example:
// $data = "{\"key\": \"value\"}";
// $secret_key = "secretkey";
// hashed data from example: 1eed4b3d41f4653ac64fd56f1bf1cbfd349e4482cbc11dff7134bd93e5da4b0a
$secret_key = "secretkey";
$data = $_POST;
$Sendcloud_Signature = apache_request_headers()['Sendcloud-Signature'];
$hashed_signature = hash_hmac ( "sha256" , $data , $secret_key );
// You can compare the hashed signature from example with the one you can hash yourself using the example $data variable.
assert("1eed4b3d41f4653ac64fd56f1bf1cbfd349e4482cbc11dff7134bd93e5da4b0a" == $hashed_signature);
To receive the parcel data for every update that happens in a parcel, you need to:
  • Visit your Integration settings within the Sendcloud panel.
  • Enable the webhook feedback checkbox.
  • Set the webhook url to your application that will process the data received. * You can also test if the webhook works by sending a test webhook to your application by clicking on “Test API Webhook” button.
  • Save the shop settings.
Additional notes:
  • Please note that the data your application will receive is the same as the payload you would get when retrieving information about a specific parcel.
  • If for any reason the call to your webhook fails, Sendcloud will retry sending the update 10 times with an exponential delay. Starting with a 5 minute delay, and a maximum delay of 1 hour between retries. If after 10 tries, the call is still failing, Sendcloud will stop trying, and report the issue to your Failed Request logs.
  • Because your shop might be unreachable for some time, the webhook arrival order might be scattered (unordered) which is why each webhook includes a timestamp which can be used to identify which webhook is the later one.
  • For return parcels, you will receive webhook updates only if the outgoing shipment was created through the API Shop.