API & developer

Webhooks

Last updated 4 April 2026

Meridia emits webhooks for any state change that might matter to another system in your stack.

Events available

order.created, order.updated, order.refunded, repricing.action, channel.connected, channel.disconnected, product.out_of_stock, alert.triggered. The full list is at /developers/webhooks.

Registering an endpoint

POST to /v1/webhooks with { url, events, secret }. The URL must be HTTPS and respond with a 2xx within 10 seconds. Meridia generates a signing secret you'll use to verify authenticity on your end.

Signature verification

Every webhook carries an X-Meridia-Signature header — HMAC-SHA256 of the raw body with your secret. Always verify; never trust the payload otherwise. Sample verification code for Node, Python, and Go is in the developer docs.

Delivery and retries

Meridia retries failed deliveries with exponential backoff over 24 hours: 5s, 30s, 5m, 30m, 2h, 6h, 24h. After 24 hours of failure, the endpoint is marked degraded and you're emailed. If no 2xx ever arrives, the event is dropped (we don't store events forever).

Idempotency

Every event carries an event_id. Store the most recent N event IDs and discard duplicates — network weather causes occasional redelivery.

Testing

From Settings → API → Webhooks, click "Send test event" to trigger a harmless ping at your endpoint. Useful in CI and during initial setup.

Was this helpful?
Related
API overview
Meridia's read/write API, authentication, and rate limits.
SDKs and client libraries
Official clients for Node, Python, Go, and Ruby.