Integration Updated
WEBHOOK: POSThttps://<YOUR_WEBHOOK_URI> event_type: store.provisioned
This webhook is sent to authorized app partners to notify them that the integration details for their store have changed. If your app received this, its client_credentials
access token will be able to call endpoint(s) against the store and may immediately start receiving webhook notifications. Apps should respond to this webhook by:
- Calling
GET /pos_data
orGET /stores/:store-id
to verify the integrator and store information; and sychronize the integration details against your systems. - If
perform_refresh_menu
istrue
, you should attempt to upload a new menu for the store via PUT /menu. This might promote this app to become the store’s order manager. If this happens, you will receive a follow-upstore.provisioned
webhook as confirmation.
If the integration details are incorrect or your system is not able to properly integrate with the store, you must call PATCH /pos_data
to correct the data or proactively disable the integration.
Your service should return an HTTP 200
response code with an empty response body to acknowledge receipt of the webhook event. If Uber does not receive a 200 acknowledgement response, the webhook event will be resent based on an exponential backoff algorithm (i.e. starting at 1 second after the initial attempt, then 2 seconds, then 4 seconds etc.) until 7 total events were sent without a response.
¶ Webhook Headers
Uber will include security headers for all requests made to your webhook URL.
Header | Description |
---|---|
X-Environment |
Indicates if this request is coming from the production or sandbox API. |
X-Uber-Signature |
SHA256 hash of the request body, using the client secret as the key. |
¶ Webhook Security
Webhook messages are signed so that your app can verify that the sender is Uber. Webhooks requests contain an X-Uber-Signature
header. The value of this field is a lowercased hexadecimal HMAC signature of the webhook HTTP request body, using the client secret as a key and SHA256 as the hash function.
Python Example
digester = hmac.new(client_secret, webhook_body, hashlib.sha256)
return digester.hexdigest()
¶ Webhook Event Structure
Name | Type | Description |
---|---|---|
event_type |
string enum |
The type of the event, e.g. store.provisioned . Always check this field as new event types may be added in the future without notice. |
store_id |
UUID |
The ID that Uber uses to uniquely identify a store. |
perform_refresh_menu |
boolean (optional) | Surface whether the store’s menu should be refreshed or not. This might promote this app to become the store’s order manager. If this happens, you will receive a follow-up store.provisioned webhook as confirmation. |
partner_store_id |
string (optional) |
Deprecated - the ID that the merchant configured to represent its store. This is not the integrator_store_id which should be retrieved from GET /pos_data . |
resource_href |
string |
Contains the path to the GET /pos_data endpoint to retrieve the current integration details. |
webhook_meta.client_id |
string |
Application or client ID that this webhook notification was generated for. This can be used to distinguish audience when multiple apps are registered to the same to webhook URL. |
webhook_meta.webhook_config_id |
string |
Deprecated - do not use. |
webhook_meta.webhook_msg_timestamp |
integer |
Unix timestamp of when the event occurred. |
webhook_meta.webhook_msg_uuid |
string |
Unique identifier of the webhook event (for deduplication purposes). |
¶ Example Webhook
{
"event_type": "store.provisioned",
"store_id": "66f60085-a9c8-4ef7-9f4a-c7867f448905",
"partner_store_id": "123456",
"perform_refresh_menu": true,
"resource_href": "https://api.uber.com/v1/eats/stores/66f60085-a9c8-4ef7-9f4a-c7867f448905/pos_data",
"webhook_meta": {
"client_id": "_ZIpAofJqMTBPFy3-ig_pdeRtBox1DZ",
"webhook_config_id": "eats-pos-provision-platform.provisioning-update",
"webhook_msg_timestamp": 1623317195,
"webhook_msg_uuid": "b32d30e4-6230-4972-a051-d37c2692b4f8"
}
}