Coinbase Commerce Webhooks Guide
Coinbase payment webhooks notify your systems when crypto checkout or charge state changes. Those events often unlock fulfillment, mark invoices paid, update customer orders, and feed reconciliation workflows, so signature verification and replay safety matter.
FastHook gives Coinbase a stable source URL, verifies Coinbase webhook signatures, stores request evidence, routes accepted charge and checkout events to destinations, and keeps retries or replay scoped to failed delivery records.
Coinbase signature headers
Coinbase webhook implementations exist in both legacy Commerce and newer Coinbase webhook flows. FastHook accepts both shapes for the Coinbase Commerce source type.
| Header | Where it appears | FastHook behavior |
|---|---|---|
| x-cc-webhook-signature | Legacy Coinbase Commerce deliveries | Verifies HMAC-SHA256 hex over the raw body. |
| X-Hook0-Signature | Current Coinbase webhook signature docs | Verifies timestamped v0 or v1 signatures when present. |
Create a Coinbase Commerce source
curl -X POST "https://api.fasthook.io/v1/sources" \
  -H "Authorization: Bearer $FASTHOOK_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Coinbase Commerce production",
    "type": "COINBASE_COMMERCE",
    "config": {
      "auth_type": "PROVIDER_SIGNATURE",
      "auth": {
        "provider": "COINBASE_COMMERCE",
        "webhook_signing_secret": "coinbase-shared-secret"
      },
      "allowed_http_methods": ["POST", "PUT", "PATCH", "DELETE"]
    }
  }'

Charge and checkout routing
Route Coinbase payment events by the workflow they affect. Fulfillment, finance, fraud review, customer notification, and analytics destinations usually need different retry and idempotency behavior.
- Keep checkout success or charge confirmation paths separate from analytics-only destinations.
- Use provider ids as idempotency inputs before marking an order paid.
- Pause or throttle reconciliation destinations before replaying a failed payment window.
- Store rejected source auth evidence so signature issues do not look like downstream delivery failures.
Debugging Coinbase webhooks
- No request appears: confirm Coinbase is using the generated FastHook Source URL.
- Missing signature: inspect whether the provider sent legacy x-cc-webhook-signature or current X-Hook0-Signature.
- Signature mismatch: verify the shared secret and keep the raw request body unchanged.
- Accepted request but no side effect: inspect FastHook event routing and destination attempts.
- Duplicate fulfillment: add receiver idempotency before retrying or replaying payment events.
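The signature-mismatch and duplicate-fulfillment items above, shown as an added Python example (not FastHook or Coinbase code): it performs the HMAC-SHA256 hex check described for x-cc-webhook-signature over the raw body, shows why a re-serialized body fails, and deduplicates on the provider event id. The payload field names, the sample event, and the in-memory `seen_ids` set are assumptions constructed for illustration.

```python
import hashlib
import hmac
import json

# Constructed sample values, not real Coinbase data. Field names are assumed.
SECRET = b"coinbase-shared-secret"  # placeholder secret from the source config
RAW_BODY = b'{"id":"evt-0001","event":{"type":"charge:confirmed","data":{"code":"SAMPLE01"}}}'


def sign(secret: bytes, raw_body: bytes) -> str:
    """HMAC-SHA256 hex digest over the exact bytes that were received."""
    return hmac.new(secret, raw_body, hashlib.sha256).hexdigest()


def verify_legacy_signature(secret: bytes, raw_body: bytes, header_value) -> bool:
    """Check an x-cc-webhook-signature value against the raw request body."""
    if not header_value:
        return False  # a missing header is a rejection, never a pass
    expected = sign(secret, raw_body).encode()
    # Constant-time comparison so the match position is not leaked by timing.
    return hmac.compare_digest(expected, header_value.strip().encode("utf-8"))


def reserialize(raw_body: bytes) -> bytes:
    """What a framework does when it parses JSON and dumps it again."""
    return json.dumps(json.loads(raw_body)).encode()


class Receiver:
    """Hypothetical destination that marks orders paid at most once."""

    def __init__(self, secret: bytes):
        self.secret = secret
        self.seen_ids = set()  # stand-in for a durable table with a unique key
        self.paid_orders = []

    def handle(self, raw_body: bytes, signature) -> str:
        if not verify_legacy_signature(self.secret, raw_body, signature):
            return "rejected"
        event = json.loads(raw_body)  # parse only after the bytes are verified
        if event["id"] in self.seen_ids:
            return "duplicate"  # a retry or replay of an event already applied
        self.seen_ids.add(event["id"])
        self.paid_orders.append(event["event"]["data"]["code"])
        return "processed"
```
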