API and integrations
Subscribing to webhooks
Webhook subscriptions receive signed run and sync events at an HTTPS endpoint.
Quick answer
Webhook subscriptions receive signed run and sync events at an HTTPS endpoint.
What this means
Use this when you are one of the operators and developers automating Storeshift workflows. The goal is simple: understand what Storeshift changes, what Shopify will import, and what you should review before a real catalog update.
Plain-English rule: do the smallest safe action first, inspect the result, then scale up. That means preview before full run, sample import before full import, and review before publishing.
Before you change a live Shopify catalog, check product titles, body copy, image order, variant options, prices, handles, SKUs, SEO fields, and any warnings shown on the run page.
Simple checklist
- 01Create an API key for one integration, store it securely, and rotate it when needed.
- 02Use webhook signatures before trusting run-ready or run-failed events.
- 03Test automation in sandbox or preview flows before connecting it to real catalog imports.
Common mistakes to avoid
- Putting raw API keys in client-side code or shared spreadsheets.
- Trusting webhook payloads without checking the HMAC signature.
- Automating full catalog changes before the preview and review steps are proven.