Signed, replay-protected, retried until you 2xx.
Subscribe to invoice / order / refund events. Verify HMAC-SHA256 in your endpoint. Every delivery is HMAC-SHA256 signed, timestamped, and retried with exponential back-off until your endpoint returns 2xx.
order.paid
A buyer's checkout finalised. Settled on-chain.
order.refunded
Refund pushed back to the buyer's wallet.
order.delivered
Auto-delivery completed — key, file, or webhook handed over.
order.failed
Checkout expired or rejected.
product.created
Product published from API or dashboard.
product.updated
Any field on a product changed.
payout.queued
Payout request accepted, broadcast pending.
payout.confirmed
Payout confirmed on-chain.
customer.created
New buyer email registered in your shop.
# Standard headers Sellix sets on every delivery X-Event-Id: evt_01J2PT83A5XKJZ5N6FM5YV9B2D X-Event-Type: order.paid X-Webhook-Timestamp: 1779604200 X-Signature: sha256=8f7a9a2b… Content-Type: application/json User-Agent: Sellix-Webhook/1.0 # Body — JSON, the resource that fired the event { "id": "evt_01J2PT83A5XKJZ5N6FM5YV9B2D", "type": "order.paid", "data": { "order_uuid": "…", "total_cents": 4900, … } }
Paste a payload + secret. We compute the signature live in your browser using the Web Crypto API — same algorithm our SDK uses on your server.
8 attempts per delivery1m → 2m → 5m → 15m → 1h → 6h → 24hX-Event-Id on your side. Same id twice = same event.200 — it's a feature, not a duplicate.