Several types of objects are processed asychronously in the EasyPost system (Batches, Trackers, etc.). In order to update users with the status of these background tasks, EasyPost dispatches a webhook event whenever a new Event occurs. Webhooks are push notifications, or callbacks, which allow users to stay up-to-date on the status of their EasyPost objects without needing to poll for updates. Whenever a webhook is triggered, an Event is sent via HTTP POST to each configured webhook URL. Each of these webhooks expect a successful response; in the case of a failure, the EasyPost system will attempt to retry the webhook.
In order to take advantage of webhooks, all you need to do is add your webhook urls to your account page. The way these webhook Events are processed will be specific to your application, but below is an example of a request's JSON body and a simple Sinatra application that removes problematic shipments from a Batch.
A great way to learn more about the contents of each webhook Event is by using RequestBin. RequestBin bins are easy to create, and they provide you with a URL that you can use to collect webhook requests made by EasyPost and inspect their contents.
Currently, our recommended best practice for securing webhooks involves using basic authentication and HTTPS on your endpoint. This will help prevent any altering of any information communicated to you by EasyPost, and it will prevent any third parties from masquerading as EasyPost and sending fraudulent data.
https://username:firstname.lastname@example.org/easypost-webhook is an example of how you could add basic authentication to your Webhook URL.