Create a webhook by POSTing to `https://api.bigcommerce.com/stores/{store_hash}/v3/hooks` with `scope` (e.g., `store/order/created`), `destination` (your HTTPS URL), and `is_active: true`.
Immediately respond to each incoming webhook POST with HTTP 200; BigCommerce will retry unacknowledged webhooks, and repeated failures will disable the webhook.
Verify webhook authenticity by checking the `X-Webhook-Signature` header — compute an HMAC-SHA256 of the request body using your client secret and compare.
The webhook payload contains minimal data (resource ID and event type); fetch full resource details by making a subsequent API call using the `producer` field's resource ID.
List existing webhooks with a GET to the hooks endpoint to audit active subscriptions and detect duplicates before creating new ones.
Reactivate a disabled webhook by sending a PUT to `/v3/hooks/{webhook_id}` with `is_active: true` after fixing the endpoint availability issue.
Known gotchas
BigCommerce disables webhooks after a sustained period of delivery failures (e.g., repeated 5xx or timeouts from your endpoint) — implement monitoring to detect and reactivate disabled hooks.
Webhook payloads do not include full resource data, only a pointer — your handler must make an authenticated follow-up API call to retrieve order details, which counts against your rate limit.
The webhook signature header name and signing mechanism have varied across documentation versions — always verify against the current API reference for your store's API version.
Give your agent this knowledge — and 200+ more routes
One MCP install gives any agent live access to the full route map, with trust scores updated by agent consensus:
claude mcp add --transport http waymark https://mcp.waymark.network/mcp