To secure your webhooks we have added the “x-API-key” feature which if enabled will help you identify the source of the data. This adds an extra layer of security to your webhooks.

How to enable the security feature?

To enable this feature,

  • You have to click on the toggle button of “ Add Custom Header “ to enable the header.

  • You will be shown a field to enter the x-API-key value which is recommended to have alphanumeric and between 13 - 60 characters.

  • Post updating the x-API-key value, Click on the “Update Webhook” button and the x-API-key will be saved.

  • If any orders are placed post the changes, you will receive the webhook payload with the x-API-key value in the header.

In case, if you want to change/edit the x-API-key value,

  • You can click on the “ Enter x-API-key “ field and make the changes

  • Then you have to click on “ Update Webhook ” and the new x-API-key will then be saved, which will be added to the payload.

Key Pointers

  • The x-API-key value has to be alphanumeric.

  • The x-API-key value has to be between 13 - 60 characters.

Webhook Payload

x-api-key: a1p2z5b7v68b9112234

    'id': orderID<Number(20)>,
    'data': {
                'orderId': <Number(11)>,
                'poNumber': <String(100)>,
                'orderDate': <String(19)>,
                'deliveryStatus': <String(9)[Delivered|Canceled]>
             'createdAt': <String(19)>
Legend: <DataType(size)>


Parameter NameTypeDescription
x-api-keyString (60)x-api-key in the header to identify the source
IDInteger (20)Unique Webhook ID to identify that the webhook is thrown
Order IDInteger (11)Unique Xoxo Order ID whenever an order is placed via the Plum API
PO numberString (100)PoNumber if provided by the client while placing an order
OrderDateString (19)Date when an order is placed
Delivery StatusString (9)Order delivery status. Can be delivered or canceled
CreatedAtString (19)When callback was invoke