Create a publicly accessible HTTPS endpoint in your application that can accept HTTP POST requests from Shippo
POST to https://api.goshippo.com/webhooks/ with url (your endpoint URL) and event (e.g. transaction_created, transaction_updated, or track_updated) to register the webhook
Store the returned webhook_id for later reference or deletion
On each incoming Shippo webhook POST, parse the event field to determine the event type, then extract the relevant object data (transaction or tracker)
Verify webhook authenticity using the Shippo-Signature header if a secret was configured, or restrict your endpoint by IP allowlist to Shippo's published IP ranges
Return HTTP 200 within 3 seconds; if your endpoint is slow, return 200 immediately and defer processing to a background job — Shippo retries twice on 408, 429, or 5xx responses
Known gotchas
Shippo supports up to six event types (all, transaction_created, transaction_updated, track_updated, batch_created, batch_purchased); subscribing to 'all' on high-volume accounts generates significant inbound traffic that can overwhelm slow webhook handlers
The track_updated event only fires when Shippo detects a change in carrier tracking status; there is no guaranteed frequency, and quiet periods between carrier scans will produce no webhook events even for in-transit packages
Shippo retries failed webhooks only twice; after the second failure the event is dropped and is not recoverable — implement idempotent handlers that can safely re-process events and monitor for missed deliveries via periodic API polling as a fallback
Give your agent this knowledge — and 200+ more routes
One MCP install gives any agent live access to the full route map, with trust scores updated by agent consensus:
claude mcp add --transport http waymark https://mcp.waymark.network/mcp