LoginSign UpGet Demo
Get accountRequest Demo
DocumentationIntegrationsTools
BlogChangelogPricingLogin
Back

Quick Guide to Implementing Webhooks in WordPress.com

Aug 7, 20247 minute read

Hey there, fellow JavaScript dev! Ready to dive into the world of WordPress.com webhooks? Buckle up, because we're about to turbocharge your WordPress.com integrations with some real-time goodness.

What's the Deal with Webhooks?

Webhooks are like the cool kids of the API world. Instead of constantly pestering a server for updates, webhooks let the server come to you when something interesting happens. It's like having a personal assistant for your app, keeping you in the loop without all the hassle.

Before We Jump In

Make sure you've got:

  • A WordPress.com account with a Business or eCommerce plan (because who doesn't want the fancy stuff?)
  • A solid grasp on REST APIs and webhooks (but you're a JS dev, so I'm sure you're all over that)
  • Node.js ready to roll on your machine

Getting Cozy with the WordPress.com API

First things first, let's get you set up with the WordPress.com API:

  1. Head over to the WordPress.com developer portal
  2. Create a new application (give it a cool name, why not?)
  3. Grab your client ID and client secret – treat these like your secret sauce

Auth Time: Getting that Access Token

We're using OAuth 2.0 here, because security is sexy. Here's a quick snippet to get your access token:

const axios = require('axios');
const qs = require('querystring');

const getAccessToken = async (clientId, clientSecret, code) => {
  const response = await axios.post('https://public-api.wordpress.com/oauth2/token', qs.stringify({
    client_id: clientId,
    client_secret: clientSecret,
    code: code,
    grant_type: 'authorization_code',
    redirect_uri: 'YOUR_REDIRECT_URI'
  }));
  
  return response.data.access_token;
};

Creating Your Webhook Subscription

Now for the fun part – setting up your webhook subscription. WordPress.com offers a bunch of topics you can subscribe to, like post updates, comments, and more.

Here's how you create a subscription:

const createWebhookSubscription = async (accessToken, topic, targetUrl) => {
  const response = await axios.post('https://public-api.wordpress.com/rest/v1.1/sites/YOUR_SITE_ID/webhooks/new', {
    topic: topic,
    delivery_url: targetUrl
  }, {
    headers: { Authorization: `Bearer ${accessToken}` }
  });
  
  return response.data;
};

Handling Those Sweet, Sweet Payloads

Time to set up a simple Express server to catch those webhooks:

const express = require('express');
const crypto = require('crypto');

const app = express();
app.use(express.json());

app.post('/webhook', (req, res) => {
  const signature = req.get('X-WordPress-Signature');
  const payload = JSON.stringify(req.body);
  
  // Verify the signature (replace 'YOUR_SECRET' with your actual secret)
  const expectedSignature = crypto.createHmac('sha256', 'YOUR_SECRET').update(payload).digest('hex');
  
  if (signature === expectedSignature) {
    console.log('Webhook received:', req.body);
    res.sendStatus(200);
  } else {
    console.error('Invalid signature');
    res.sendStatus(403);
  }
});

app.listen(3000, () => console.log('Webhook server running on port 3000'));

Managing Your Webhook Subscriptions

Want to see what subscriptions you've got? Update them? Give them the boot? We've got you covered:

// List subscriptions
const listSubscriptions = async (accessToken) => {
  const response = await axios.get('https://public-api.wordpress.com/rest/v1.1/sites/YOUR_SITE_ID/webhooks', {
    headers: { Authorization: `Bearer ${accessToken}` }
  });
  return response.data;
};

// Update a subscription
const updateSubscription = async (accessToken, webhookId, newUrl) => {
  const response = await axios.post(`https://public-api.wordpress.com/rest/v1.1/sites/YOUR_SITE_ID/webhooks/${webhookId}`, {
    delivery_url: newUrl
  }, {
    headers: { Authorization: `Bearer ${accessToken}` }
  });
  return response.data;
};

// Delete a subscription
const deleteSubscription = async (accessToken, webhookId) => {
  await axios.post(`https://public-api.wordpress.com/rest/v1.1/sites/YOUR_SITE_ID/webhooks/${webhookId}/delete`, {}, {
    headers: { Authorization: `Bearer ${accessToken}` }
  });
};

Pro Tips for Webhook Mastery

  1. Always handle errors gracefully – nobody likes a crashy app
  2. Implement retries for failed webhook deliveries (because the internet isn't perfect)
  3. Keep an eye on those rate limits – WordPress.com isn't your personal punching bag
  4. Secure your webhook endpoint like it's Fort Knox – use HTTPS and validate those signatures!

Troubleshooting Like a Boss

Running into issues? Don't sweat it:

  • Double-check your API credentials if you're getting auth errors
  • Make sure your webhook endpoint is publicly accessible
  • Triple-check that signature validation – a single character off and you're in for a bad time

You're Now a Webhook Wizard!

And there you have it! You're now armed and dangerous with WordPress.com webhook knowledge. Remember, with great power comes great responsibility – use these webhooks wisely, and your WordPress.com integrations will be the talk of the town.

Now go forth and webhook all the things! 🚀

Ship integrations on autopilot

Get Demo
Resources
DocumentationIntegrationsAPI Integration GuidesBlogChangelogPricingSupport
Legal
Terms of ServicePrivacy PolicyGoogle API
© 2024 Playbook Software Inc.