API Reference
Start typing to search…

Webhook Requirement

Learn how to securely integrate Reusely webhooks into your system. This guide covers the setup process, supported event types, payload structure, signature authentication, retry logic, and implementation best practices to ensure reliable and secure data delivery.

Available Events

The following webhook events are currently supported:

  • offer.created
    Triggered when a new offer is created through the Reusely app, embedded widget, or public API.
  • offer.status.updated
    Triggered whenever the status of an existing offer is changed.

Webhook Payload Format

Webhooks are delivered as application/json requests and follow a consistent structure:

{
   "object": string,
   "object_id": integer,
   "timestamp": timestamp,
   "type": string,
   "data": {
     // Event-specific data
   }
 }

Example Payload:

{
  "object": "event",
  "object_id": 93092,
  "timestamp": "1749441740",
  "data": {
    "box_id": "STAG03U2O",
    "status_id": 1,
    "buyback_source": "Widget",
    "referral_source": "https://dummy.referral.source",
    "age_in_days": 1,
    "selling_type": "Instant Offer",
    "status": "Active Leads",
    "payout_method": "PayPal",
    "courier": "Easypost(USPS)",
    "payout_total": "$960.00",
    "location_id": 1,
    "location_name": "Mail-In Location",
    "created_at": "2025-06-09T04:02:10.000000Z",
    "customer_portal_url": "https://dummy.customer.portal/url",
    "customer_email": "[email protected]",
    "payout_currency_symbol": "$",
    "payout_amount": "960.00",
    "expedited_payout_fee": 0,
    "file": null,
    "offer_created_by": "System",
    "customer_name": "John Doe",
    "number_of_buyback_items": 1,
    "payout_information": [
      {
        "name": "Paypal Address",
        "field_key": "paypal_address",
        "value": "[email protected]"
      }
    ],
    "company_name": "Dummy Company",
    "tracking_number": "9405500208303110161449",
    "custom_fields": null
  },
  "type": "offer.created"
}

Signature & Authentication

Each webhook request includes an Authorization header containing a cryptographic signature.

Authorization: <signature>

How the Signature is Generated:

  • Concatenate the object_id and timestamp (without any separator).
  • Hash the resulting string using SHA-256 and your secret key.
  • Use the resulting hash digest as the value for the Authorization header.

Retry Policy (Exponential Backoff)

If your server fails to respond with a 200 OK status code, Reusely will automatically retry the webhook delivery:

  • First retry: 10 minutes after the failed attempt
  • Second retry: 30 minutes after the first retry

If both attempts fail, the webhook will be permanently marked as failed and will not be sent again.

Best Practices

To ensure reliable webhook handling, we recommend the following:

  • Always return an HTTP 200 OK response to acknowledge successful receipt.
  • Process webhook logic asynchronously to avoid timeouts.
  • Log all incoming webhook requests and headers for auditing and troubleshooting.
  • Always validate the Authorization signature using your secret key before processing the data.