developers.webhooks.title

developers.webhooks.intro

developers.webhooks.setupTitle

developers.webhooks.setupDesc

POST

/api/vendor/webhooks

developers.webhooks.createDesc

bash

curl -X POST https://brutlers.com/api/vendor/webhooks \
  -H "X-Api-Key: brut_your_api_key_here" \
  -H "Content-Type: application/json" \
  -d '{
    "url": "https://meine-app.de/webhooks/brutlers",
    "events": ["order.created", "order.status_changed"]
  }'

developers.webhooks.maxWebhooks

developers.webhooks.eventsTitle

Event	Description
order.created	developers.webhooks.events.order.created
order.status_changed	developers.webhooks.events.order.status_changed
inquiry.received	developers.webhooks.events.inquiry.received
appointment.confirmed	developers.webhooks.events.appointment.confirmed
appointment.cancelled	developers.webhooks.events.appointment.cancelled
customer.created	developers.webhooks.events.customer.created

developers.webhooks.payloadTitle

developers.webhooks.payloadDesc

json

{
  "event": "order.status_changed",
  "data": {
    "id": "clx1234567890abcdef",
    "status": "FITTING_READY",
    "previousStatus": "IN_PRODUCTION",
    "customerId": "clx0987654321fedcba",
    "updatedAt": "2026-04-15T10:00:00.000Z"
  },
  "timestamp": "2026-04-15T10:00:01.234Z"
}

developers.webhooks.signatureTitle

developers.webhooks.signatureDesc

Header

developers.webhooks.signatureHeader

javascript

import { createHmac } from "crypto";

function verifySignature(body, signature, secret) {
  const expected = createHmac("sha256", secret)
    .update(body)
    .digest("hex");
  return signature === expected;
}

// Express/Next.js example
app.post("/webhooks/brutlers", (req, res) => {
  const signature = req.headers["x-brutlers-signature"];
  const body = JSON.stringify(req.body);

  if (!verifySignature(body, signature, process.env.WEBHOOK_SECRET)) {
    return res.status(401).send("Invalid signature");
  }

  const { event, data } = req.body;
  console.log(`Event: ${event}`, data);
  res.status(200).send("OK");
});

developers.webhooks.retryTitle

developers.webhooks.retryDesc

1developers.webhooks.retry1
2developers.webhooks.retry2
3developers.webhooks.retry3

developers.webhooks.managementTitle

GET

/api/vendor/webhooks

developers.webhooks.createDesc

PUT

/api/vendor/webhooks/:id

developers.webhooks.updateDesc

DELETE

/api/vendor/webhooks/:id

developers.webhooks.deleteDesc

developers.webhooks.setupTitle

developers.webhooks.setupDesc

POST

/api/vendor/webhooks

developers.webhooks.createDesc

bash

curl -X POST https://brutlers.com/api/vendor/webhooks \
  -H "X-Api-Key: brut_your_api_key_here" \
  -H "Content-Type: application/json" \
  -d '{
    "url": "https://meine-app.de/webhooks/brutlers",
    "events": ["order.created", "order.status_changed"]
  }'

developers.webhooks.maxWebhooks

developers.webhooks.eventsTitle

Event	Description
order.created	developers.webhooks.events.order.created
order.status_changed	developers.webhooks.events.order.status_changed
inquiry.received	developers.webhooks.events.inquiry.received
appointment.confirmed	developers.webhooks.events.appointment.confirmed
appointment.cancelled	developers.webhooks.events.appointment.cancelled
customer.created	developers.webhooks.events.customer.created

developers.webhooks.payloadTitle

developers.webhooks.payloadDesc

json

{
  "event": "order.status_changed",
  "data": {
    "id": "clx1234567890abcdef",
    "status": "FITTING_READY",
    "previousStatus": "IN_PRODUCTION",
    "customerId": "clx0987654321fedcba",
    "updatedAt": "2026-04-15T10:00:00.000Z"
  },
  "timestamp": "2026-04-15T10:00:01.234Z"
}

developers.webhooks.signatureTitle

developers.webhooks.signatureDesc

Header

developers.webhooks.signatureHeader

javascript

import { createHmac } from "crypto";

function verifySignature(body, signature, secret) {
  const expected = createHmac("sha256", secret)
    .update(body)
    .digest("hex");
  return signature === expected;
}

// Express/Next.js example
app.post("/webhooks/brutlers", (req, res) => {
  const signature = req.headers["x-brutlers-signature"];
  const body = JSON.stringify(req.body);

  if (!verifySignature(body, signature, process.env.WEBHOOK_SECRET)) {
    return res.status(401).send("Invalid signature");
  }

  const { event, data } = req.body;
  console.log(`Event: ${event}`, data);
  res.status(200).send("OK");
});