Courier providers. Payment devices. Third-party integrators. Outbound webhooks you subscribe to. Inbound webhooks Andromeda calls on your endpoint, signed with HMAC-SHA256 so you can verify every byte.
Every event on the platform. Delivered, signed, idempotent, with a retry policy you can tune.
Courier providers deliver 订单 (Uber Direct first-party; others via Stuart or Andromeda-managed dispatch). Payment devices are Stripe Terminal readers bound to a location. Third-party integrators are external systems (your CRM, your accounting pipe, a bespoke BI tool) authorised against your tenant. Webhooks are the inbound channel for everything that happens — subscribe, receive, verify signature, acknowledge.
Subscribe to any subset. Every event carries the same outer envelope — eventId, eventType, occurredAtUtc, organizationId, data.
X-Andromeda-Signature: sha256=<hex>. Compute HMAC-SHA256 of the raw request body using your webhook secret and compare in constant time. Reject mismatches with 401 Unauthorized. Never trust the payload before verification.
Subscribe to a webhook. Verify a signature. Book a courier. Register a Stripe reader. Listen for an order event. Handle a retry cleanly.
Tell Andromeda where to deliver events. You pick the URL, the event types, and an HTTPS endpoint on your side that can respond within 5 seconds. The response includes the signing secret — shown once, store it safely.