Shipment update webhook questions


I have recently launched our graphql api integration into prod.
Almost everything is working correctly, however I cannot for the life of me understand how to authenticate the Shipment Update webhook.

I know that you need to test against the HTTP_X_SHIPHERO_HMAC_SHA256 header, in fact I was doing this in my testing integration, and it was working perfectly. However, now that I have shifted over to prod this test keeps failing. To be clear, I created an API key in the Settings area and am using that secret key. But I do have other keys in the Settings area of my prod account, so I am afraid I am using the wrong secret key to generate the hash on my end. Is it possible to view the secret key Shiphero is using to generate the HTTP_X_SHIPHERO_HMAC_SHA256 header?

Also, I am noticing that in some cases it takes up to 10 minutes after a shipment is closed for Shiphero to hit the webhook, is there a reason for this?

Thank you,

Hi @Csraspini
Thanks for reaching out!

The secret, for now, you should be able to see it at
That one should be the one used to generate the header.

As for the 10 minutes there might be some slight delay from the shipment creation to the webhook triggering depending on the amount of shipments being processed for example

Let me know if that doesn’t help.
Thanks in advance!

Hi Tom,

Yes, that’s exactly where I looked. However we have several keys in that panel, and the one I was expecting to work doesn’t. So I am not certain how to proceed… should I try them all, or is it possible for you to check on your end somehow which one it is using?


Hi @Csraspini!
Thanks for confirming that! In that case, I would say to try them all, but if there are a lot of them, I can go to our engineers for assistance on that one.
We are looking on implementing those secrets soon when registering a webhook via the Public API, but we still don’t have a clear ETA on that one yet.

Thanks again!