Webhooks

Webhooks let your application receive real-time notifications when events occur in Pixee PIM — such as a product being updated, an import completing, or a supplier being created.

Event types

Event	Description
`product.created`	A new product was added to the catalog
`product.updated`	A product's data was modified
`product.deleted`	A product was removed
`import.started`	An import job began processing
`import.completed`	An import job finished successfully
`import.failed`	An import job encountered a critical error
`supplier.created`	A new supplier was added
`supplier.updated`	Supplier data was modified
`ean.resolved`	An EAN lookup returned a result
`test`	Test event sent via the test endpoint

POST/webhooks

Register a webhook

Creates a new webhook endpoint.

Body parameters

Name
name
Type
string
Description
Descriptive name for the webhook.
Name
url
Type
string
Description
HTTPS URL to receive events. Must be publicly accessible.
Name
events
Type
array
Description
List of event types to subscribe to.
Name
secret
Type
string
Description
Optional signing secret used to compute the X-PM-Signature header for payload verification.
Name
headers
Type
object
Description
Additional headers to include in each request (e.g. {"X-API-Key": "..."}).
Name
max_retries
Type
integer
Description
Number of delivery retries on failure (default: 3, max: 5).
Name
timeout_seconds
Type
integer
Description
Request timeout in seconds (default: 10).

Request

POST

/webhooks

curl -X POST https://api.pixeepim.com/api/v1/webhooks \
  -H "Authorization: Bearer {api_key}" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "ERP Product Sync",
    "url": "https://yourapp.com/webhooks/pixeepim",
    "events": ["product.created", "product.updated", "import.completed"],
    "secret": "your_signing_secret"
  }'

Response

{
  "id": "550e8400-e29b-41d4-a716-446655440000",
  "name": "ERP Product Sync",
  "url": "https://yourapp.com/webhooks/pixeepim",
  "events": ["product.created", "product.updated", "import.completed"],
  "is_active": true,
  "max_retries": 3,
  "created_at": "2026-05-14T10:30:00Z"
}

GET/webhooks

List webhooks

Returns all configured webhooks. Use PATCH /webhooks/{id} to update or DELETE /webhooks/{id} to remove one.

Request

GET

/webhooks

curl https://api.pixeepim.com/api/v1/webhooks \
  -H "Authorization: Bearer {api_key}"

Response

{
  "items": [
    {
      "id": "550e8400-e29b-41d4-a716-446655440000",
      "name": "ERP Product Sync",
      "url": "https://yourapp.com/webhooks/pixeepim",
      "events": ["product.created", "product.updated"],
      "is_active": true,
      "created_at": "2026-05-14T10:30:00Z"
    }
  ],
  "meta": {
    "total": 1,
    "page": 1,
    "per_page": 50,
    "total_pages": 1,
    "has_next": false,
    "has_previous": false
  }
}

POST/webhooks/{id}/test

Test a webhook

Sends a test test event to the webhook URL to verify connectivity.

Path parameters

Name
id
Type
string
Description
The webhook UUID.

Request

POST

/webhooks/{id}/test

curl -X POST https://api.pixeepim.com/api/v1/webhooks/550e8400-e29b-41d4-a716-446655440000/test \
  -H "Authorization: Bearer {api_key}"

Response

{
  "status": "success",
  "status_code": 200,
  "duration_ms": 125,
  "response_body": "OK"
}

Webhook payload

Each webhook POST request contains a JSON body:

Webhook payload example

{
  "id": "evt_01HQ...",
  "event": "product.updated",
  "timestamp": "2026-05-14T10:30:00Z",
  "data": {
    "id": "550e8400-e29b-41d4-a716-446655440000",
    "ean": "3760000000001",
    "name": "Produit exemple",
    "updated_fields": ["price", "is_active"]
  }
}

Verifying signatures

Every webhook request includes an X-PM-Signature header — an HMAC-SHA256 digest of the raw request body signed with your webhook secret.

Verify signature (Python)

import hmac
import hashlib

def verify_signature(payload: bytes, signature: str, secret: str) -> bool:
    expected = hmac.new(
        secret.encode(),
        payload,
        hashlib.sha256
    ).hexdigest()
    return hmac.compare_digest(f"sha256={expected}", signature)

Verify signature (Node.js)

const crypto = require('crypto')

function verifySignature(payload, signature, secret) {
  const expected = crypto
    .createHmac('sha256', secret)
    .update(payload)
    .digest('hex')
  return crypto.timingSafeEqual(
    Buffer.from(`sha256=${expected}`),
    Buffer.from(signature)
  )
}

Always verify the signature before processing a webhook payload. Reject requests where the signature does not match.

GET/webhooks/{id}/logs

Delivery logs

Returns the delivery history for a webhook endpoint. Failed deliveries can be retried individually.

Query parameters

Name
status
Type
string
Description
Filter by: success or failed.
Name
skip
Type
integer
Description
Offset (default: 0).
Name
limit
Type
integer
Description
Items per page, max 100 (default: 50).

List logs

GET

/webhooks/{id}/logs

curl "https://api.pixeepim.com/api/v1/webhooks/550e8400-e29b-41d4-a716-446655440000/logs?status=failed" \
  -H "Authorization: Bearer {api_key}"

Retry a delivery

POST

/webhooks/{id}/logs/{log_id}/retry

curl -X POST https://api.pixeepim.com/api/v1/webhooks/550e8400-e29b-41d4-a716-446655440000/logs/550e8400-e29b-41d4-a716-000000000030/retry \
  -H "Authorization: Bearer {api_key}"

Log entry

{
  "items": [
    {
      "id": "550e8400-e29b-41d4-a716-000000000030",
      "event": "product.updated",
      "status_code": 500,
      "success": false,
      "duration_ms": 3002,
      "attempt": 3,
      "error_message": "Connection timeout",
      "triggered_at": "2026-05-14T10:30:00Z"
    }
  ],
  "meta": { "total": 1, "page": 1, "per_page": 50, "total_pages": 1, "has_next": false, "has_previous": false }
}

Retry policy

If your endpoint returns a non-2xx status code, Pixee PIM retries delivery with exponential backoff:

Attempt	Delay
1st retry	30 seconds
2nd retry	5 minutes
3rd retry	30 minutes

After all retries are exhausted, the delivery is marked as undeliverable. Use the delivery logs endpoint to manually replay failed events.