Create Callbacks

Content of this article

  1. Preliminary Remarks
  2. Create and Activate Callbacks
  3. Example Header

1. Preliminary Remarks

What are Callbacks?
Callbacks make it possible to transfer information about defined events in the plenigo system to other systems basically in real time.
When integrating plenigo, it may be desirable for third-party systems receive information about events that occur in the plenigo system so that these third systems can perform actions accordingly. In this case, callbacks for certain events can be defined in the Merchant Backend. Creating and managing these callbacks takes place in the client.
Note on data protection:
When using most of the callback types, personal data is transferred to other systems. The receiving system can therefore be defined as an additional commissioned data processor from the perspective of the applicable jurisdiction. This should be taken into account when using callbacks.

You can find examples for payloads in the following entry: 

2. Create and Activate Callbacks


Create a callback (without authentification)
  • Enter the URL of Webservice.
    Once the URL has been entered, the checkbox Enabled can be ticked to activate the callback.
  • Select the Callback type using the drop-down menu (e. g. "Create customer").
  • Save settings.

Create Callback (with authentification)

Note: We recommend using the security mechanism through authentifcation.

  • Activate Endpoint requires authentification checkbox.
  • Method 1: Authentification with user name and password
    By using a basic authentification with a user name and password, the data transmission can be secured. In most cases, the receiving system defines the authentication data. When using the secured callback, the authentication data is included in every request from plenigo. 
  • Method 2: Authentification with HTTP Header
    HTTP headers can also be used for authentication against a service.
    To do this, enter one or more key-value pair(s).
After saving, the plenigo system automatically creates a callback secret for each callback which can be viewed by expanding the callback information.

3. Example Header

In the following example, both method 1 and method 2 have been used as security mechanism.
In the plenigo Mercahnt Backend, the settings look as follows:

The authentication is transmitted in the header of the callback. The bold values is the authentication data that has been set in the plenigo Merchant Backend.  
Furthermore, each callback is signed with a plenigo-signature. The instruction on how to check the signature can be found in the following entry:
Headers
accept-encoding gzip
x-plenigo-api-version 20240827
plenigo-signature t=1729583536,s=fdcd0a0ccd0b4db629d35a33c3aada5cf669a28f91adb38abcc9ffcdb1663d38
key value
content-type application/json
authorization Basic cGxlbmlnb190ZXN0OjEyMzQ1Njc4OQ==
accept application/json
content-length 686
user-agent go-resty/2.15.3 (https://github.com/go-resty/resty)
host webhook.site
php-auth-user plenigo_test
php-auth-pw xxxxxxx