Subscription Create

creating subscriptions subscriptions are how the subscriber determines what events it needs to send out notifications for once you’ve created your subscriber , you can customize the sorts of information that you may want to pull into your integrated system(s) to create your subscriptions you will need to know the uuid of the caterer locations for which you want notifications to be sent across the integration these can be retrieved by making a docid\ laomlo pm8bz0wziz99hv query for each location, you will need to create a subscription for every event you want to receive notifications for as the integration functionality expands, there may be additional subscription options as well! we recommend exploring docid 6fu5dgr5rpbwat27pcxz and docid 6fu5dgr5rpbwat27pcxz to determine which available values are going to be useful for meeting your needs you can find examples of how these subscriptions might look below once your subscriptions are set up, you should now receive subscription notifications at the webhookurl that was specified during docid\ wz2jpt1m xin8k7f58ekb if you need to change the webhookurl , you can use the docid\ fnkr2tow6hwaycrgw37bp mutation to change the webhookurl and/or name of your subscriber mutation mutation mutation createsubscription($subscriptionparams createsubscriptionfields!) { createsubscription(subscriptionparams $subscriptionparams) { subscription { evententity eventkey parententity parentid subscriberid } } } variables if you need your subscriberid you can run the docid 9dzcbpmxx vinlglprqhr query variables order accepted { "subscriptionparams" { "evententity" "order", "eventkey" "accepted", "parententity" "caterer", "parentid" "ezcater caterer id", "subscriberid" "your subscriber id" } } variables menu updated { "subscriptionparams" { "evententity" "mennu", "eventkey" "updated", "parententity" "caterer", "parentid" "ezcater caterer id", "subscriberid" "your subscriber id" } } variables menucreationrequest succeeded { "subscriptionparams" { "evententity" "menucreationrequest", "eventkey" "succeeded", "parententity" "caterer", "parentid" "ezcater caterer id", "subscriberid" "your subscriber id" } } arguments argument name description subscriptionparams docid 6fu5dgr5rpbwat27pcxz the input object for making new subscribers return type returns a docid 6fu5dgr5rpbwat27pcxz successful responses when the createsubscription mutation succeeds you can expect the response payload to look like response { "data" { "createsubscription" { "subscription" { "evententity" "order", "eventkey" "accepted", "parententity" "caterer", "parentid" "ezcater caterer id", "subscriberid" "your subscriber id" } } } } failure responses when createsubscription mutation fails you can expect the response payload to look like response { "errors" \[ { "message" "subscription could not be created ", "path" \[ "createsubscription" ], "extensions" { "type" "summary", "servicename" "external events", "code" "downstream service error", "exception" { "message" "subscription could not be created ", "locations" \[ { "line" 1, "column" 96 } ], "path" \[ "createsubscription" ] } } } ], "data" { "createsubscription" null } } receiving notifications once you have set up your integration, you will begin to receive event subscription notifications for any subscriptions you have set up notifications will be sent to the webhookurl specified during subscriber creation the notifications will provide basic information about the event that occurred, but for detailed information, you can query the public api notification { "id" "\[uuid of the notification]", "parent type" "caterer", "parent id" "\[uuid of the caterer]", "entity type" "\[type of event]", "entity id" "\[uuid of the order]", "key" "\[entity event key]", "created at" "\[time]", "occurred at" "\[time]", "updated at" "\[time]", "payload"\ null } notification order accepted { "id" "ezcater notification id", "parent type" "caterer", "parent id" "ezcater caterer id", "entity type" "order", "entity id" "your ezcater order id", "key" "accepted", "created at" "2025 04 15 23 48 23 utc", "occurred at" "2025 04 15 23 48 23 utc", "updated at" "2025 04 15 23 48 23 utc", "payload"\ null } notification menu updated { "id" "ezcater notification id", "parent type" "caterer", "parent id" "ezcater caterer id", "entity type" "menu", "entity id" "your ezcater menu version id", "key" "updated", "created at" "2025 04 15 23 48 23 utc", "occurred at" "2025 04 15 23 48 23 utc", "updated at" "2025 04 15 23 48 23 utc", "payload"\ null } notification menucreationrequest succeeded { "id" "ezcater notification id", "parent type" "caterer", "parent id" "ezcater caterer id", "entity type" "menucreationrequest", "entity id" "your ezcater menu creation request id", "key" "succeeded", "created at" "2025 04 15 23 48 23 utc", "occurred at" "2025 04 15 23 48 23 utc", "updated at" "2025 04 15 23 48 23 utc", "payload"\ null } validating notifications it is recommended to validate that the webhook subscription notifications you received actually came from ezcater the x ezcater signature header value consists of a timestamp and the signature , separated by a period you can use the timestamp from this header, your webhooksecret value (from when you initially created the subscription), and the request body to verify this signature create a computed signature payload from the webhook request data you need two pieces of information for this step the timestamp from the x ezcater signature header, which is the first portion before the period the request body concatenate these two values using a period to obtain a computed signature payload for example, in ruby this would look something like timestamp = x ezcater signature header split(“ ”) \[0] computed signature payload = \[timestamp to i, request body] join(" ") compute an hmac signature of the request data you need two pieces of information for this step the computed signature payload from step 1 the webhooksecret provided to you when you created your subscription compute an hmac signature using your webhooksecret and the computed signature payload for example, in ruby this would look something like signature = openssl hmac hexdigest("sha256", webhook secret, computed signature payload) compare the provided signature with the computed one you need two pieces of information for this step the computed hmac signature from step 2 the provided signature from the webhook request compare the computed hmac signature with the value after the period in the x ezcater signature header if these two values match, the request is valid if they do not match, the request may have been tampered with or originated from an unauthorized source