External resources
How to manage resources via external serverless functions
Commerce Layer lets you manage some resources (i.e. prices, promotions, payment gateways, tax calculators, and more to come) from the outside of the platform itself, using an external service of your choice or a serverless function.
In order to get the data from the external source, when needed, we trigger a POST
request to the endpoint that you specified. The request contains a JSON payload that will be detailed case by case, along with the successful response (or error) format we expect to receive back.
When you create a new external resource, a shared secret is generated. It will be used each time we send data to the specified endpoint to sign the payload. The signature will be stored in the X-CommerceLayer-Signature header so that you can verify the callback authenticity and consider it reliable.
Callbacks securityCircuit breaker
All the external resources are subject to a circuit breaker check: if the call to your external endpoint fails consecutively more than 30 times, the circuit breaker opens and any further request to the resource will be skipped.
An open circuit for an external resource might result in a 422
error in some specific cases (e.g. external prices), but it is usually ignored with a 200 OK
response status to avoid accidental side effects on the order lifecycle.
Resetting the circuit
The circuit is automatically reset anytime a call to your external endpoint succeeds before reaching the counter's threshold.
You can also reset the circuit manually by passing the _reset_circuit
trigger attribute (you must use integration API credentials). This is also your only option in case the circuit is stuck in the open state:
You'll be notified via email every time the circuit breaker counter reaches 10 consecutive failures, as an early warning. Another notification is sent when the circuit breaker opens.
Payload format
The request payload sent to an external endpoint has the same format that you get when fetching a resource through the REST API, with some relevant resources included.
Response format
The response we require from the external endpoint is a JSON featuring the outcome of the operation, along with some data and error information (if any), based on what type of external resource is involved.
In case of success, you can add additional info by populating the response metadata
attribute (that information will be stored in the resource metadata):
Any external endpoint has 3 seconds to respond before being timed out.
Request headers
Any request sent to an external endpoint is enriched with the following headers:
Header | Description |
---|---|
| The type of external request, in the format |
| The encrypted signature you need to verify the callback authenticity. |
| The ID of the API request that triggered the call to external service (i.e. the |
| The topic of the event that triggered the call to the webhook callback URL (e.g. |
Last updated