Resell Scan
Guide for developers

Set up and use webhooks

Let your system react automatically when a batch analysis is complete. Resell Scan sends signed POST requests to your webhook URL.

Duration: approx. 12 minDifficulty: developerLast updated: May 15, 2025
In this guide

Current event: analysis.completed

Webhooks are triggered when a complete batch is done. Your endpoint receives batch ID, Collection ID, status, Product counts, and detail results per Product.

1

Prepare your own endpoint

Provide a publicly reachable HTTPS URL that accepts POST requests with JSON.

Minimal Next.js route handlerts
import { NextRequest, NextResponse } from 'next/server';

export async function POST(request: NextRequest) {
  const signature = request.headers.get('x-webhook-signature');
  const payload = await request.text();

  // Verify signature before processing.
  // Then process payload with JSON.parse(payload).

  return NextResponse.json({ received: true });
}
The URL must be reachable by Resell Scan.
The endpoint receives POST requests with Content-Type application/json.
Processing should be idempotent because retries are possible.
Store received event IDs if you want to avoid duplicate processing.
2

Create webhook in the dashboard

Open “Developer” -> “Webhooks”, click “Add webhook”, and enter URL, description, and event.

Webhook URL

Your HTTPS endpoint, for example https://example.com/webhooks/resell-scan.

Description

Optional text so you can later recognize what the webhook is used for.

Event

Currently available: analysis.completed, meaning “analysis completed”.

Active

When editing, you can set a webhook active or inactive.

Secret visible only once

After creation, Resell Scan shows a secret with prefix whsec_. You need this secret for HMAC verification and cannot display it in full again later.
3

Understand the payload

The event contains an ID, event name, timestamp, and batch data.

Example payloadjson
{
  "id": "evt_550e8400-e29b-41d4-a716-446655440000",
  "event": "analysis.completed",
  "created_at": "2026-05-25T10:30:00.000Z",
  "data": {
    "batch_id": "550e8400-e29b-41d4-a716-446655440001",
    "collection_id": "550e8400-e29b-41d4-a716-446655440002",
    "status": "completed",
    "total_products": 10,
    "successful_products": 9,
    "failed_products": 1,
    "success_rate": 90,
    "started_at": "2026-05-25T10:00:00.000Z",
    "completed_at": "2026-05-25T10:30:00.000Z",
    "products": [
      {
        "product_id": "550e8400-e29b-41d4-a716-446655440003",
        "product_data": {},
        "status": "completed",
        "progress": 100,
        "result": {},
        "error": null
      }
    ]
  }
}

Batch instead of single Product

The event arrives when the entire batch has completed or failed. Individual Product details are in the products array.
4

Verify X-Webhook-Signature

Resell Scan signs the body with HMAC-SHA256. The header format is t=[timestamp],v1=[signature].

Verify signaturets
import crypto from 'crypto';

function verifyWebhookSignature(payload: string, header: string, secret: string) {
  const parts = Object.fromEntries(
    header.split(',').map((part) => {
      const [key, value] = part.split('=');
      return [key, value];
    })
  );

  const signedPayload = `${parts.t}.${payload}`;
  const expected = crypto
    .createHmac('sha256', secret)
    .update(signedPayload)
    .digest('hex');

  return crypto.timingSafeEqual(
    Buffer.from(expected),
    Buffer.from(parts.v1)
  );
}

Use the raw body

Verify the signature against the unchanged request body. If you reserialize JSON first, the signature can fail because of different whitespace or order.
5

Check logs and retries

In the webhook list, you can edit webhooks, delete them, and view logs.

Resell Scan records status code, response text, success, and attempt count.
Failed deliveries are retried up to 5 times.
Retries use exponential delay.
Dispatch has a timeout of 10 seconds per request.

Respond quickly

After successful validation, return a 2xx response as quickly as possible and move longer processing to a queue. This reduces timeouts and unnecessary retries.

At the end of this guide you can:

prepare a webhook endpointsubscribe to analysis.completedstore the webhook secret securelyinterpret payloads correctlyverify X-Webhook-Signatureevaluate logs and retries
Open webhooks