Setup
To receive webhook updates, provide your webhook URL and a unique webhook secret in the GoSpeed Logistics dashboard. This secret will be used to validate the authenticity of incoming webhook requests.
Security & Signature Verification
x-gsl-signature
string
required
HMAC-SHA256 signature header included with each webhook request
Signature Computation:
hmac_sha256(body, webhook_secret)
Where
body is the raw JSON body of the request (before parsing)
Verification Examples
JavaScript (Node.js)
// Node.js verification example
const crypto = require('crypto');
function verifyWebhook(request, secret) {
const signature = request.headers['x-gsl-signature'];
const hmac = crypto.createHmac('sha256', secret)
.update(JSON.stringify(request.body))
.digest('hex');
return crypto.timingSafeEqual(
Buffer.from(signature),
Buffer.from(hmac)
);
}
Payload Example
{
"event": "delivery_status_updated",
"delivery_id": "dly_890123",
"order_number": "ORD-0012345",
"status": "READY_TO_DELIVER",
"updated_at": "2023-09-12T14:22:00Z"
}
Status Values
NOT_ASSIGNED
NOT_ACCEPTED
NOT_STARTED_YET
PICKED_UP
STARTED
READY_TO_DELIVER
ALREADY_DELIVERED
INCOMPLETE
FAILED_DELIVERY
Recommended Response
Return a 200 OK status code to acknowledge receipt of the webhook.
Any non-2xx response will trigger retries with exponential backoff.
Status Codes
200 OK
The webhook was successfully received and processed.
400 Bad Request
The webhook payload was malformed or missing required fields.
401 Unauthorized
The webhook signature verification failed.
500 Internal Server Error
An unexpected error occurred while processing the webhook.
Support
If you experience issues integrating with this API, contact GoSpeed Logistics developer support at dev@gospeedlog.com.
Please include your order_number
or delivery_id
where applicable.