Webhooks
OCMLabs Webhooks pushes store events to any external system the moment they happen. Subscribe a URL to any of 10 curated events (or any Magento event by name), shape the JSON payload with a Smarty template, and get HMAC-signed, queue-based delivery with automatic retries and a full delivery log in the admin.
✦Never blocks your store
Events publish to a message queue and deliver asynchronously. Checkout and admin saves never wait on a slow or unreachable endpoint.
✦Payloads you control
Smarty templates with a live variable reference and per-event defaults. Send the exact JSON your ERP, CRM, or notification service expects.
✦Signed and secure
HMAC-SHA256 signatures, per-webhook Bearer/Basic auth encrypted at rest, an SSRF guard on destination URLs, and a sandboxed template engine.
✦Built-in observability
Every attempt logged with status, HTTP code, duration, and request/response bodies. Automatic retries with exponential backoff and idempotency keys.
Outbound webhooks that push store events anywhere, in real time
OCMLabs Webhooks turns Magento 2 events into signed HTTP deliveries. Subscribe a URL to orders, shipments, customers, products, or stock changes; shape the JSON with a Smarty template; and let the queue-based pipeline handle signing, delivery, retries, and logging - without ever slowing your checkout.
Ten curated events, plus any event you can name
Orders, shipments, invoices, credit memos, customers, products, and stock changes are covered out of the box with sensible default payloads. Flip one config switch and you can subscribe a webhook to any Magento event by name. A lightweight observer publishes to a message queue, so the shopper never waits on your endpoint.
Payloads shaped exactly how your endpoint expects
Every webhook carries a Smarty template, prefilled per event and fully editable - send the JSON your ERP, CRM, or notification service actually wants. A live variables panel documents everything a template can reference from real store data, and a Send Test button delivers a sample payload before you commit.
Secure and verifiable by default
Set a secret and every delivery is signed with an HMAC-SHA256 X-Webhook-Signature header your receiver can verify. Bearer and Basic auth are supported per webhook with credentials encrypted at rest, destination URLs pass an SSRF guard, and admin-authored templates run in a locked-down Smarty sandbox.
Reliability your receiver can build on
Delivery is at-least-once: failed attempts retry automatically with exponential backoff, every attempt shares an X-Webhook-Delivery-Id idempotency UUID for safe deduplication, and the admin Delivery Log records status, HTTP code, duration, and request/response bodies for every attempt. Old entries prune themselves on a configurable retention schedule.
✦ IN THE STORE & IN THE ADMIN
See it working.
✦ INSTALLATION
Two commands. Like it should be.
# keys provisioned to your dashboard at purchase $ composer require ocmlabs/module-webhook $ bin/magento setup:upgrade
✦ RELEASE LOG
Maintained like production code - because it is.
1.1.1
Fixed
- The Send Test result modal now shows why a test delivery failed - template errors (with the line number), blocked destination URLs, and HTTP or timeout errors.
- Send Test now renders templates against the same payload shape as real deliveries, so templates using enriched order data (billing address, items) test correctly.
1.1.0
Added
- Dynamic "Available Template Variables" panel on the webhook form, loading the real variable set for the selected event from live store data.
Changed
- Delivery log grid shows event display names and links each entry to its webhook.
- Delivery log detail explains absent request bodies and adds back navigation.
1.0.2
Fixed
- Saving a webhook no longer fails when its template references variables absent from the save-time sample data.
1.0.1
Added
- Adobe Commerce support via the ocmlabs/module-webhook-commerce metapackage.
1.0.0
Initial release: queue-based outbound webhooks with 10 curated events, custom event subscriptions, sandboxed Smarty payload templates, HMAC-SHA256 signing, per-webhook authentication, automatic retries with exponential backoff, delivery logging with configurable retention, and a synchronous Send Test.
✦ THE OCM LABS LICENSE
Your code. Your keys.
✦ MODULE QUESTIONS
Before you buy.
Support & Documentation
Need more help?
Our support team typically responds within 1 business day.