Integration Updated
WEBHOOK: POSThttps://<YOUR_WEBHOOK_URI> event_type: store.provisionedThis webhook is sent to authorized app partners to notify them that the integration details for their store have changed. If your app received this, its client_credentials access token will be able to call endpoint(s) against the store and may immediately start receiving webhook notifications. Apps should respond to this webhook by:
- Calling
GET /pos_dataorGET /stores/:store-idto verify the integrator and store information; and sychronize the integration details against your systems. - If
perform_refresh_menuistrue, you should attempt to upload a new menu for the store via PUT /menu. This might promote this app to become the store’s order manager. If this happens, you will receive a follow-upstore.provisionedwebhook as confirmation.
If the integration details are incorrect or your system is not able to properly integrate with the store, you must call PATCH /pos_data to correct the data or proactively disable the integration.
Your service should return an HTTP 200 response code with an empty response body to acknowledge receipt of the webhook event. If Uber does not receive a 200 acknowledgement response, the webhook event will be resent based on an exponential backoff algorithm (i.e. starting at 1 second after the initial attempt, then 2 seconds, then 4 seconds etc.) until 7 total events were sent without a response.
¶ Webhook Headers
Uber will include security headers for all requests made to your webhook URL.
| Header | Description |
|---|---|
X-Environment |
Indicates if this request is coming from the production or sandbox API. |
X-Uber-Signature |
SHA256 hash of the request body, using the client secret as the key. |
¶ Webhook Security
Webhook messages are signed so that your app can verify that the sender is Uber. Webhooks requests contain an X-Uber-Signature header. The value of this field is a lowercased hexadecimal HMAC signature of the webhook HTTP request body, using the client secret as a key and SHA256 as the hash function.
Python Example
digester = hmac.new(client_secret, webhook_body, hashlib.sha256)
return digester.hexdigest()
¶ Webhook Event Structure
| Name | Type | Description |
|---|---|---|
event_type |
string enum |
The type of the event, e.g. store.provisioned. Always check this field as new event types may be added in the future without notice. |
store_id |
UUID |
The ID that Uber uses to uniquely identify a store. |
perform_refresh_menu |
boolean (optional) | Surface whether the store’s menu should be refreshed or not. This might promote this app to become the store’s order manager. If this happens, you will receive a follow-up store.provisioned webhook as confirmation. |
partner_store_id |
string (optional) |
Deprecated - the ID that the merchant configured to represent its store. This is not the integrator_store_id which should be retrieved from GET /pos_data. |
resource_href |
string |
Contains the path to the GET /pos_data endpoint to retrieve the current integration details. |
webhook_meta.client_id |
string |
Application or client ID that this webhook notification was generated for. This can be used to distinguish audience when multiple apps are registered to the same to webhook URL. |
webhook_meta.webhook_config_id |
string |
Deprecated - do not use. |
webhook_meta.webhook_msg_timestamp |
integer |
Unix timestamp of when the event occurred. |
webhook_meta.webhook_msg_uuid |
string |
Unique identifier of the webhook event (for deduplication purposes). |
¶ Example Webhook
{
"event_type": "store.provisioned",
"store_id": "66f60085-a9c8-4ef7-9f4a-c7867f448905",
"partner_store_id": "123456",
"perform_refresh_menu": true,
"resource_href": "https://api.uber.com/v1/eats/stores/66f60085-a9c8-4ef7-9f4a-c7867f448905/pos_data",
"webhook_meta": {
"client_id": "_ZIpAofJqMTBPFy3-ig_pdeRtBox1DZ",
"webhook_config_id": "eats-pos-provision-platform.provisioning-update",
"webhook_msg_timestamp": 1623317195,
"webhook_msg_uuid": "b32d30e4-6230-4972-a051-d37c2692b4f8"
}
}