Configuring the GitHub Marketplace webhook
After creating a draft GitHub Marketplace listing, you can configure a webhook that notifies you when changes to customer account plans occur. After you configure the webhook, you can handle the marketplace_purchase event types in your app.
The GitHub Marketplace event webhook can only be set up from your application's GitHub Marketplace listing page. You can configure all other events from your application's developer settings page. If you haven't created a GitHub Marketplace listing, read "Creating a draft GitHub Marketplace listing" to learn how.
Creating a webhook
To create a webhook for your GitHub Marketplace listing, click Webhook in the left sidebar of your GitHub Marketplace listing page. You'll see the following webhook configuration options:
The payload URL is the URL of the server that will receive the webhook
Webhooks can be delivered using different content types:
application/json content type will deliver the JSON payload directly as the body of the
application/x-www-form-urlencoded content type will send the JSON payload as a form parameter called
Choose the one that best fits your needs.
GitHub recommends using the application/json content type.
Setting a webhook secret allows you to ensure that POST requests sent to the payload URL are from GitHub. When you set a secret, you'll receive the X-Hub-Signature header in the webhook POST request. For more details on how to use the secret and the X-Hub-Signature header to secure your webhook payloads, see "Securing your webhooks."
If your "Payload URL" is a secure site (HTTPS), you will have the option to configure the SSL verification settings. If your "Payload URL" is not secure (HTTP), GitHub will not display this option. By default, GitHub verifies the SSL certificate of your website when delivering webhook payloads. SSL verification helps ensure that hook payloads are delivered to your URL endpoint securely. You have the option to disable SSL verification, but we recommend keeping Enable SSL verification selected.
By default, webhook deliveries are "Active." You can choose to disable the delivery of webhook payloads during development by deselecting "Active." If you've disabled webhook deliveries, you will need to select "Active" before you submit your app for review.
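An added example, not part of the original page or GitHub's own code: one way a receiver can check the X-Hub-Signature header against the webhook secret described above before trusting a delivery. X-Hub-Signature carries "sha1=" followed by the hex HMAC-SHA1 of the raw request body; the handler name, status codes, secret and sample body below are constructed for illustration.

```python
import hashlib
import hmac
import json
from typing import Optional, Tuple


def sign(secret: bytes, body: bytes) -> str:
    """Build the header value for a body: 'sha1=' + hex HMAC-SHA1 of the raw bytes."""
    return "sha1=" + hmac.new(secret, body, hashlib.sha1).hexdigest()


def verify_signature(secret: bytes, body: bytes, header: Optional[str]) -> bool:
    """Return True only if header is a valid X-Hub-Signature for the raw body."""
    if not secret or not header:
        return False  # unsigned delivery, or no secret configured: reject
    algo, sep, received = header.partition("=")
    if sep != "=" or algo != "sha1":
        return False
    expected = hmac.new(secret, body, hashlib.sha1).hexdigest()
    # Constant-time comparison; comparing bytes avoids a TypeError on non-ASCII input.
    return hmac.compare_digest(expected.encode("ascii"), received.encode("utf-8"))


def handle_delivery(secret: bytes, headers: dict, body: bytes) -> Tuple[int, Optional[str]]:
    """Hypothetical handler: authenticate the raw bytes first, parse JSON second."""
    lowered = {k.lower(): v for k, v in headers.items()}
    if not verify_signature(secret, body, lowered.get("x-hub-signature")):
        return 401, None
    try:
        event = json.loads(body)
    except ValueError:
        return 400, None
    return 200, event.get("action") if isinstance(event, dict) else None


if __name__ == "__main__":
    secret = b"constructed-secret"          # constructed sample value
    body = b'{"action": "purchased"}'       # constructed sample payload
    good = {"X-Hub-Signature": sign(secret, body)}
    print(handle_delivery(secret, good, body))
    print(handle_delivery(secret, good, body + b" "))  # body altered in transit
    print(handle_delivery(secret, {}, body))           # header missing
```

The HMAC is computed over the body bytes exactly as received, so read the raw body before any framework decodes or re-serializes it.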
Viewing webhook deliveries
Once you've configured your GitHub Marketplace webhook, you'll be able to inspect POST request payloads from the Webhook page of your application's GitHub Marketplace listing. GitHub doesn't resend failed delivery attempts. Ensure your app can receive all webhook payloads sent by GitHub.