# Webhooks

When an event occurs, an HTTP `POST` call is issued on the callback URLs you set up with the event data. Data is sent with `application/json` header content-type, and `json` format as payload. Callback URLs must be defined with HTTPS protocol and should be available with `POST` verb to send data payload. iAdvize expects to have a 20x HTTP status in the callback result.

## Timeouts

The connection timeout (time to establish the HTTP connection) is set to 1 second. Once connected, the server is expected to process the request and send a response within 30 seconds (reply timeout).

## Delivery headers <a href="#delivery-headers" id="delivery-headers"></a>

iAdvize will send the payload with three additional headers:

* x-iadvize-delivery: UUID, unique identifier to describe this webhook delivery
* x-iadvize-correlationid: UUID, event identifier used in a retry webhooks to track same callback calls.
* x-iadvize-signature: Hash signature, cf. Security section

## Webhook retry management <a href="#webhook-retry-management" id="webhook-retry-management"></a>

If errors occur during the webhook query (40x, 50x HTTP status codes), we will retry two times. We will try to send you the following requests:

* First time after a delay of 10 seconds,
* and the second time after 20 seconds (so, 30 seconds after the first call).

In case of failure, you may need to track events in error, by following "X-iAdvize-CorrelationId" in headers, or "eventId" in the payload.

## Webhook security <a href="#webhook-security" id="webhook-security"></a>

Please refer to [this section](https://docs.iadvize.dev/apps/build-your-app/app-security).

## Webhook timeout

The default timeout is 30 seconds\\