Webhooklar
Hodisalarga obuna bo‘lish, imzo (HMAC) tekshiruvi va qayta yuborish siyosati.
Hodisalar
Webhook orqali Kitobchi hodisa yuz berganda sizning serveringizga POST yuboradi — narx yoki zaxira o‘zgarishi, yangi mahsulot va h.k. Obuna admin paneldagi API mijozlar bo‘limida sozlanadi.
| Hodisa | Qachon |
|---|---|
| product.updated | Mahsulot narxi, nomi yoki holati o‘zgarganda. |
| product.stock_changed | Zaxira miqdori o‘zgarganda (0 ga tushishi ham). |
| product.created | Yangi mahsulot qo‘shilganda. |
| seller.updated | Do‘kon ma’lumoti o‘zgarganda. |
Payload namunasi
POST https://your-server.com/webhooks/kitobchi
Content-Type: application/json
X-Kitobchi-Event: product.stock_changed
X-Kitobchi-Delivery: 6f1e0b9c-...
X-Kitobchi-Signature: sha256=9a1c...
{
"event": "product.stock_changed",
"sent_at": "2026-07-05T09:00:00Z",
"data": { "id": 128, "type": "book", "in_stock": false, "count": 0 }
}Imzo tekshiruvi
Har bir yetkazishda X-Kitobchi-Signature header keladi: sha256=HMAC(secret, raw_body). Serveringizda xuddi shu imzoni hisoblab, hash_equals bilan solishtiring. Mos kelmasa — so‘rovni rad eting.
$payload = file_get_contents('php://input');
$expected = 'sha256=' . hash_hmac('sha256', $payload, $webhookSecret);
if (! hash_equals($expected, $_SERVER['HTTP_X_KITOBCHI_SIGNATURE'] ?? '')) {
http_response_code(401);
exit;
}Qayta yuborish
Server 2xx qaytarmasa, yetkazish oshib boruvchi kechikish bilan qayta uriniladi (masalan 1m, 5m, 30m, 2s). X-Kitobchi-Delivery takroriy yetkazishlarda bir xil — idempotentlik uchun shundan foydalaning.
Webhook uchlaringiz imkon qadar tez 200 qaytarsin — og‘ir ishni navbatga (queue) qo‘ying.