Webhooks
PullPush can receive real-time events via webhooks from source platforms. This is the fastest way to sync — changes arrive within seconds of happening.
How webhook ingestion works
- Configure your platform to send webhooks to your PullPush endpoint
- PullPush verifies the webhook signature (HMAC-SHA256 by default)
- The event is mapped to the canonical model
- It enters the pipeline for processing and delivery
Webhook endpoint
Your webhook URL follows this pattern:
https://api.pullpush.ai/webhooks/{connectionId}
The connection ID is shown in your dashboard after creating a connection.
Signature verification
PullPush verifies webhook signatures to ensure authenticity:
| Platform | Header | Algorithm |
|---|---|---|
| Shopify | X-Shopify-Hmac-Sha256 |
HMAC-SHA256 (base64) |
| Flowretail | X-Signature |
HMAC-SHA256 (hex) |
| Custom | Configurable | HMAC-SHA256/SHA1/SHA512 |
The webhook secret is stored encrypted alongside your connection credentials.
Event type mapping
Webhooks carry platform-specific event types that PullPush maps to canonical types:
Shopify "orders/create" → canonical "order.created"
Shopify "products/update" → canonical "product.updated"
Flowretail "stock_change" → canonical "stocklevel.updated"
Custom event type mappings can be configured in the connector definition's webhook.event_type_map.
Batch webhooks
Some platforms send multiple events in a single webhook payload. PullPush handles this by:
- Extracting the array from the configured
array_path - Processing each item as a separate canonical event
- Maintaining per-key ordering across the batch
Reliability
If PullPush is temporarily unavailable, most platforms will retry their webhooks. To ensure no events are missed, PullPush also supports poll-based reconciliation alongside webhooks — catching any gaps automatically.