Share:
.svg)
.svg)
This month, weโre introducing comprehensive support for webhooks and callbacks across SDKs and API Developer Portals. These updates make it easier for developers to manage asynchronous API events and ensure secure, reliable event delivery.
Highlights include type-safe webhook handlers, built-in HMAC signature verification and interactive callback documentation in Developer Portals.
Webhooks and Callbacks in SDKs
APIMatic now generates webhook handling code across C#, Java, Python, Ruby, and TypeScript SDKs. You can verify and parse incoming webhook events with type-safe handlers that include HMAC signature verification.
Type-Safe Event Handling
The generated handlers parse incoming webhook requests and narrow the event type automatically. This means you conveniently process events with type safety.
Built-in HMAC Signature Verification
Every generated SDK includes cryptographic signature verification that validates webhook authenticity. The handlers protect against replay attacks and verify payload integrity without requiring you to implement custom security logic.
Comprehensive Error Handling
The generated webhook handlers include error handling for common issues like:
- Signature Verification Failures: Descriptive error responses when HMAC signatures don't match or required headers are missing
- Unknown Event Types: Graceful handling of invalid or unknown events
๐ See the feature documentation for webhooks and callbacks for details.
Webhooks and Callbacks in Developer Portals
API Developer Portals have been enhanced to display language-specific Documentation for Webhooks and Callbacks
Interactive Callback Documentation
Each API endpoint page now features collapsible accordion sections listing all associated callbacks, enabling developers to explore complete event workflows without leaving the endpoint context. You can see exactly what events an API triggers and how to handle themโall in one view.
Ready-to-Use Implementation Examples
Updated code snippets across supported languages demonstrate complete webhook handling workflows, from request parsing to event processing.
Enhanced Event Discovery
The portal now provides a dedicated section for exploring events where developers can:
- Browse all available webhook events with detailed schemas and examples
- Copy ready-to-use code snippets for webhook handling in all supported languages
- Understand signature verification requirements and security considerations
Advanced Configurations for Webhooks and Callbacks
You can use the x-webhooks and x-callbacks OpenAPI extensions to define reusable configurations for related webhooks or callbacks.
Define webhook/callback groups using these 2 extensions at the root of your OpenAPI specification. Each group can specify:
- Event-based discrimination using JSON pointers for discriminator properties
- Payload signature verification with HMAC algorithms
These extensions enable you to organize related webhooks and callbacks into logical groups while defining verification and routing logic once for reuse across multiple events.
๐ Learn more about these extensions in the product documentation
๐ข Share your feedback
Your feedback makes our product better.
- ๐ Found a bug? Report it at support@apimatic.io and earn eternal developer karma
- ๐ก Got a brilliant idea? Schedule a 15-minute chat and share it before our product team claims they thought of it first.
- ๐ Love something we built? Tell us so we can argue less about what to build next
Follow us on LinkedIn to stay updated with the latest news from APIMatic!
