What Are Webhooks?
Webhooks allow your application to receive real-time notifications when specific events occur in your ClickBank Command Center account. Instead of polling our API for changes, webhooks push data to your server instantly when events happen.
Common Use Cases
New Sale Notifications
Get notified instantly when a new sale is recorded in your ClickBank account.
Refund Alerts
Receive immediate alerts when refunds or chargebacks occur.
Performance Thresholds
Get notified when your campaigns hit specific performance targets.
Data Sync
Keep your external systems in sync with real-time data updates.
Setting Up Webhooks
Step 1: Create an Endpoint
First, create an endpoint on your server to receive webhook POST requests:
// Node.js / Express example
app.post('/webhooks/clickbank', (req, res) => {
const event = req.body;
// Verify webhook signature
const signature = req.headers['x-webhook-signature'];
if (!verifySignature(event, signature)) {
return res.status(401).send('Invalid signature');
}
// Process the event
switch(event.type) {
case 'sale.created':
handleNewSale(event.data);
break;
case 'refund.processed':
handleRefund(event.data);
break;
default:
console.log('Unhandled event type:', event.type);
}
res.status(200).send('OK');
});Step 2: Register Your Webhook
Register your webhook URL in your account settings:
- Go to Settings → Integrations → Webhooks
- Click "Add Webhook"
- Enter your endpoint URL (must be HTTPS)
- Select the events you want to receive
- Save and copy your webhook secret
Step 3: Verify the Webhook
We'll send a test event to verify your endpoint is working correctly.
Available Event Types
| Event Type | Description |
|---|---|
| sale.created | New sale recorded |
| refund.processed | Refund completed |
| chargeback.received | Chargeback notification |
| threshold.reached | Performance threshold hit |
| data.synced | Data synchronization complete |
Security Best Practices
Always Verify Signatures
Every webhook request includes an X-Webhook-Signature header. Always verify this signature to ensure the request came from us.
const crypto = require('crypto');
function verifySignature(payload, signature) {
const hmac = crypto.createHmac('sha256', webhookSecret);
const digest = hmac.update(JSON.stringify(payload)).digest('hex');
return crypto.timingSafeEqual(
Buffer.from(signature),
Buffer.from(digest)
);
}Troubleshooting
Webhook not receiving events
• Verify your endpoint URL is correct and publicly accessible
• Ensure your endpoint responds with 200 status within 5 seconds
• Check your firewall allows incoming requests from our IPs
• Review webhook logs in Settings → Integrations → Webhooks
Signature verification failing
• Ensure you're using the correct webhook secret
• Verify you're hashing the raw request body
• Check for any middleware that modifies the request body
• Use crypto.timingSafeEqual for comparison