Prerequisites
- An RMZ store with an RMZ+ subscription plan
- A publicly accessible HTTPS endpoint to receive webhooks
- Basic knowledge of your server framework (Express, Flask, Laravel, etc.)
Step 1: Create a Webhook in the Dashboard
1
Navigate to webhook settings
Go to Dashboard > Settings > Webhooks.
2
Add a new webhook
Click Add Webhook and fill in the configuration:
3
Save and note your secret key
After saving, the webhook’s secret key (28 characters) is shown. Copy and store it securely — you will need it to verify signatures.
4
Enable the webhook
Toggle the webhook to Enabled when you are ready to receive events.
Step 2: Build Your Receiver Endpoint
Your endpoint must accept HTTP POST requests, verify the signature, process the payload, and return a200 status quickly.
Step 3: Handle Retries and Idempotency
Webhooks may be delivered more than once. Use theX-RMZ-REQUEST-ID header to detect and ignore duplicates:
Step 4: Test Your Webhook
Before enabling the webhook for production:-
Use a tunneling tool like ngrok to expose your local server:
Use the generated HTTPS URL as your webhook URL.
-
Place a test order in your store to trigger the
order.createdevent. - Check the webhook logs in your dashboard to see the delivery status and response from your server.
- Verify the payload matches the expected format documented in Payload Format.
Common Patterns
Sending Slack Notifications
Syncing to a Database
Troubleshooting
Webhook not being delivered
Webhook not being delivered
- Verify the webhook is enabled in the dashboard
- Check that your URL is publicly accessible (not
localhost) - Ensure your endpoint accepts POST requests and returns a 2xx status
- Check the webhook logs in the dashboard for error details
Signature verification failing
Signature verification failing
- Use the raw request body for verification, not the parsed JSON
- Ensure you are using the correct secret key for this specific webhook
- Check for middleware that modifies the request body before your handler
Receiving duplicate events
Receiving duplicate events
- This is expected behavior during retries. Implement idempotency using the
X-RMZ-REQUEST-IDheader.
Events arriving out of order
Events arriving out of order
- Use the
created_attimestamp in thestatusesarray to determine the correct chronological order.

