How to Use AfterShip Shipping Webhook?

Overview

A webhook lets an application share real-time information with other apps. Since data transfer happens instantly, the popularity of webhooks is increasing rapidly these days.

With AfterShip Shipping webhook, you can receive the push update when the API is made asynchronously.

How to setup the Webhooks

Go to the Webhooks settings in your AfterShip Shipping admin.
Click Add Webhooks URL.
Add the webhook URL and save.

Webhook signature

Check for AfterShip's base64-encoded HMAC generated signature to verify all incoming webhook events to avoid replay attacks.

Webhooks includes a calculated digital signature for verification.
Each webhook request includes a am-webhook-signature header. The signature is a base64-encoded HMAC generated using sha256 algorithm with webhook request body and webhook secret of your account.

Each webhook request could be verified by comparing the computed HMAC digest and the attached HMAC digest in header.

The following Node.JS example demonstrates the computation of a webhook signature.

const crypto = require('crypto');
const WEBHOOK_SECRET = "...."; // your webhook secret

function generateSignature(webhookPayloadString) {
    return crypto
        .createHmac('sha256', WEBHOOK_SECRET)
        .update(webhookPayloadString, 'utf8', 'hex')
        .digest('base64');
}

const webhookPayloadString = JSON.stringify(webhookPayload);  // your webhook payload

const sign = generateSignature(webhookPayloadString);
console.log('hmac-sha256=' + sign);  // should be equal to `am-webhook-signature` value

Webhook secret can be obtained by going to Settings > Webhooks

Webhook outgoing IPs

If your service restricts reception by public IPs, please add all the following IPs to the allow list.

104.154.18.15
34.122.118.39
34.70.29.163
34.70.81.106
34.72.178.234

Updated on: 03/02/2025