Webhooks

Register webhook subscriptions to receive real-time notifications when events occur in the Directory. Webhooks are delivered as HTTP POST requests to your specified URL with HMAC-SHA256 signature verification.

All webhook endpoints require the webhooks.manage permission scope.

Endpoints

POST

/v1/webhooks

webhooks.manage

GET

/v1/webhooks

List active subscriptions

webhooks.manage

DELETE

/v1/webhooks/:id

Remove a subscription

webhooks.manage

Event Types

Event	Trigger	Payload
`rfq.created`	New RFQ created via inbound API	RFQ object with items
`rfq.status_changed`	RFQ status updated	RFQ object with old/new status
`rfq.quote_submitted`	New supplier quote submitted	Quote object with line items
`business.created`	New business listing added	Business object
`business.updated`	Business data updated	Business object with changed fields
`product.created`	New product added	Product object
`product.updated`	Product data updated	Product object
`product.price_changed`	Product price changed	Product with old/new price

Register a Webhook

POST /v1/webhooksjson

{
  "event_type": "rfq.quote_submitted",
  "target_url": "https://sourcing.buyamia.com/api/webhooks/directory",
  "secret": "your-webhook-signing-secret"
}

Signature Verification

Each webhook delivery includes an X-Webhook-Signature header containing an HMAC-SHA256 signature of the request body using your webhook secret. Always verify this signature before processing the payload.

Verify Signaturetypescript

import { createHmac } from 'crypto';

function verifyWebhook(body: string, signature: string, secret: string): boolean {
  const expected = createHmac('sha256', secret)
    .update(body)
    .digest('hex');
  return signature === expected;
}

// In your webhook handler:
app.post('/api/webhooks/directory', (req, res) => {
  const signature = req.headers['x-webhook-signature'];
  const body = JSON.stringify(req.body);
  
  if (!verifyWebhook(body, signature, process.env.WEBHOOK_SECRET)) {
    return res.status(401).json({ error: 'Invalid signature' });
  }
  
  // Process the event
  const { event_type, data } = req.body;
  console.log(`Received ${event_type}:`, data);
  
  res.status(200).json({ received: true });
});

Webhook Payload Format

{
  "event_type": "rfq.quote_submitted",
  "timestamp": "2026-03-03T10:30:00Z",
  "data": {
    "rfq_id": "uuid",
    "external_rfq_id": "PROC-2026-0042",
    "supplier_id": "uuid",
    "business_name": "PT Furniture Jaya",
    "quoted_price": 4500000,
    "quoted_currency": "IDR"
  }
}

MCP Server

Error Codes

Last updated on February 23, 2026