NaijaTaste API webhooks for event notifications

Webhooks let your system receive automatic notifications when specific events happen on the platform.

Webhooks are on the roadmap. The current public API is request-response only. This page documents the intended behaviour when the webhook tier ships.

Planned events

Event	When it fires
`cache.invalidated`	A cached restaurant query is invalidated and refreshed
`places.updated`	Google Places data for a tracked location is updated
`api.rate_limit_warning`	Your integration is approaching the rate limit threshold

Registering a webhook

When the webhook tier ships:

curl -X POST https://naijataste-api.onrender.com/webhooks \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "url": "https://yourapp.com/webhooks/naijataste",
    "events": ["cache.invalidated", "places.updated"]
  }'

Verifying webhook signatures

All payloads will be signed with HMAC-SHA256. Always verify before processing:

const crypto = require('crypto');

function verifyWebhook(payload, signature, secret) {
  const expected = crypto
    .createHmac('sha256', secret)
    .update(payload)
    .digest('hex');
  return crypto.timingSafeEqual(
    Buffer.from(signature),
    Buffer.from(expected)
  );
}

Never trust unverified webhook payloads. Always verify the signature first.

Retry behaviour

Failed deliveries are retried with exponential backoff:

Attempt	Delay
1	Immediate
2	30 seconds
3	5 minutes
4	1 hour
5	24 hours

After five failed attempts, the event is marked undeliverable.

Rate limits

How rate limits interact with webhook delivery and API access.

NaijaTaste API keys and the planned auth tier

NaijaTaste API rate limits and 429 handling

​Planned events

​Registering a webhook

​Verifying webhook signatures

​Retry behaviour

Rate limits

Planned events

Registering a webhook

Verifying webhook signatures

Retry behaviour