> ## Documentation Index
> Fetch the complete documentation index at: https://docs.plude.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Overview

> Webhooks let you subscribe to Plude events and receive notice when an event occurs.

In order to provide our enterprise platform, many operations on Plude are handled asynchroniously. This is to adhere to modern standards of service levels and to improve the overall design in order to comply with performance and security.

A webhook is a subscription that registers a notification URL and the events that you want to be notified about. When an event occurs, Square collects data about the event, creates an event notification, and sends the event notification to the notification URL for all webhook subscriptions that are subscribed to the event.

# Creating a notification endpoint

A notification URL must do the following:

1. Respond with a 2xx HTTP status code in a timely manner.
2. The URL endpoint must require that a connection uses HTTPS.
3. Receive a POST event notification.
4. Optionally. Store the event notification data safely.

## Durability

If a 2xx HTTP status code isn't received in a timely manner or a status code other than 2xx is returned, Plude assumes that the delivery is unsuccessful. Plude retries the delivery of the event notification using [exponential backoff](https://en.wikipedia.org/wiki/Exponential_backoff) for up to *72 hours* after the originating event.

After 72 hours, the notification is discarded and we doesn't attempt to resend the notification.

**Handle implementation with care**
Webhooks are sent immediately upon the event. However implementing handling of webhooks, you muse carefully design and consider the processing of each request. Due to size, latency and intermediate systems, never trust the flow sequence of events.

**Verification**
All webhook notifications from Plude include an `signature` field. The value of this field is an *SHA-256* signature generated using the webhook signature key your retrieve when subscribing a webhook url.

<Info>Keep the `signatureKey` safe and do not share this</Info>

You can validate the webhook notification by generating the *SHA-256* value in your own code and comparing it to the signature of the event notification you received.

<Warning>Never trust unvalidated events</Warning>

# Subscribing to events

Ues the following snippet to subscribe to all webhooks events:

```bash theme={null}
curl -X PUT \
    -H "Content-Type: application/json" \
    -H "Authorization: Bearer {your_token_here}" \
    -H "X-environment: {your_environment_id_here}" \
    -H "X-version: 2022-03" \
    -d '{
        "url" : "https://webhook.site/58a782d8-2952-42ec-8738-b840c4cfcde8"
    }'
    https://api.plude.io/webhooks/subscribe
```

You will receive a response as follows:

```json theme={null}
{
    "url" : "https://webhook.site/58a782d8-2952-42ec-8738-b840c4cfcde8"
    , "signatureKey" : "dMr34..."
}
```

You can use a server endpoint as a notification URL or you can create a serverless endpoint on services such as Amazon Web Services (AWS) or Google Cloud Platform. You can test a notification URL with sites such as [webhook.site](https://webhook.site).

On the following pack, you can read a full reference list of all events.
