Shopify webhooks
Every Shopify topic nohold subscribes to during install and what each one does.
Every Shopify topic nohold subscribes to during install, and what each one does.
Subscription list
| Topic | What nohold does |
|---|---|
orders/create | Run split detection; if mixed, persist a split row and enqueue dispatch. The primary action. |
orders/updated | Refresh payment-status visibility on any matching split. When status flips to paid and the deposit-paid release rule is in use, the next inventory tick can release. |
orders/cancelled | Mark the corresponding Brightpearl Sales Orders cancelled, flag for reconciliation, and release the Shopify hold so the inventory is freed. |
refunds/create | Sum the successful refund transactions onto the split row and write an audit note on each child Brightpearl Sales Order. |
inventory_levels/update | For each held fulfillment containing this inventory item, check stock-on-hand; if covered, release the Shopify hold and transition the BP SO (subject to the release rule). |
app_subscriptions/update | Track the merchant's plan through Shopify's billing system. |
app/uninstalled | Begin the GDPR redaction process (29-day grace per Shopify's app-uninstall lifecycle). |
customers/data_request | Return any customer data we hold to the merchant for forwarding. |
customers/redact | Redact a specific customer's identifying fields from our stored webhook payloads. |
shop/redact | Hard-delete all data for the merchant 48 hours after Shopify confirms uninstall. |
Email delivery webhooks
When customer notification emails are enabled (Growth+), nohold also receives delivery-event webhooks from its email provider:
- Bounced. The audit-log row for that send is marked bounced.
- Marked as spam. The audit-log row is marked complained.
These webhooks are cryptographically signed; nohold verifies the signature before accepting.
Authenticity verification
Shopify webhooks are HMAC-SHA256 signed (X-Shopify-Hmac-Sha256 header). nohold rejects any webhook whose signature doesn't validate against the shop's webhook secret.
Email-delivery webhooks are cryptographically signed by the provider; nohold rejects any whose signature doesn't validate.
Retry behavior
Shopify retries failed webhooks with exponential backoff for 48 hours. nohold's sweeper provides an additional safety net for the orders/create topic. It recovers inbound webhook deliveries that started processing but never finished, even outside Shopify's retry window.
For the other topics, nohold relies on Shopify's own retry. There's no merchant-side sweeper recovery for refund or inventory webhooks. If a refund webhook is genuinely lost (very rare in practice), the merchant can manually trigger reconciliation by re-saving the refund in Shopify.