marketplace-order-hook
Compare original and translation side by side
🇺🇸
Original
English🇨🇳
Translation
ChineseOrder Integration & Webhooks
订单集成与Webhooks
When this skill applies
本指南适用场景
Use this skill when building an integration that needs to react to order status changes in a VTEX marketplace — such as syncing orders to an ERP, triggering fulfillment workflows, or sending notifications to external systems.
- Configuring Feed v3 or Hook for order updates
- Choosing between Feed (pull) and Hook (push) delivery models
- Validating webhook authentication and processing events idempotently
- Handling the complete order status lifecycle
Do not use this skill for:
- Catalog or SKU synchronization (see )
marketplace-catalog-sync - Invoice and tracking submission (see )
marketplace-fulfillment - General API rate limiting (see )
marketplace-rate-limiting
当你需要构建响应VTEX市场订单状态变更的集成时可使用本指南,比如将订单同步到ERP、触发履约工作流、向外部系统发送通知等场景。
- 配置Feed v3或Hook实现订单更新通知
- 在Feed(拉取)和Hook(推送)两种交付模型之间做选型
- 校验webhook身份认证,以幂等方式处理事件
- 处理完整的订单状态生命周期
本指南不适用于以下场景:
- 商品目录或SKU同步(请参考)
marketplace-catalog-sync - 发票和物流信息提交(请参考)
marketplace-fulfillment - 通用API限流处理(请参考)
marketplace-rate-limiting
Decision rules
决策规则
- Use Hook (push) for high-performance middleware that needs real-time order updates. Your endpoint must respond with HTTP 200 within 5000ms.
- Use Feed (pull) for ERPs or systems with limited throughput where you control the consumption pace. Events persist in a queue until committed.
- Use Feed as a backup alongside Hook to catch events missed during downtime.
- Use FromWorkflow filter when you only need to react to order status changes (simpler, most common).
- Use FromOrders filter when you need to filter by any order property using JSONata expressions (e.g., by sales channel).
- The two filter types are mutually exclusive. Using both in the same configuration request returns .
409 Conflict - Each appKey can configure only one feed and one hook. Different users sharing the same appKey access the same feed/hook.
| Feed | Hook | |
|---|---|---|
| Model | Pull (active) | Push (reactive) |
| Scalability | You control volume | Must handle any volume |
| Reliability | Events persist in queue | Must be always available |
| Best for | ERPs with limited throughput | High-performance middleware |
Hook Notification Payload:
json
{
"Domain": "Marketplace",
"OrderId": "v40484048naf-01",
"State": "payment-approved",
"LastChange": "2019-07-29T23:17:30.0617185Z",
"Origin": {
"Account": "accountABC",
"Key": "vtexappkey-keyEDF"
}
}The payload contains only the order ID and state — not the full order data. Your integration must call to retrieve complete order details.
GET /api/oms/pvt/orders/{orderId}Architecture/Data Flow:
text
VTEX OMS Your Integration
│ │
│── Order status change ──────────────▶│ (Hook POST to your URL)
│ │── Validate auth headers
│ │── Check idempotency (orderId + State)
│◀── GET /api/oms/pvt/orders/{id} ─────│ (Fetch full order)
│── Full order data ──────────────────▶│
│ │── Process order
│◀── HTTP 200 ─────────────────────────│ (Must respond within 5000ms)- 对于需要实时订单更新的高性能中间件,使用Hook(推送模式),你的接口必须在5000ms内返回HTTP 200响应。
- 对于吞吐量有限、需要自主控制消费速率的ERP等系统,使用Feed(拉取模式),事件会持久保存在队列中直到被确认消费。
- 搭配Hook使用Feed作为备份方案,捕获服务宕机期间遗漏的事件。
- 如果你只需要响应订单状态变更,使用FromWorkflow过滤器(更简单,最常用)。
- 如果你需要通过JSONata表达式按任意订单属性过滤(比如按销售渠道过滤),使用FromOrders过滤器。
- 两种过滤器类型互斥,在同一个配置请求中同时使用会返回错误。
409 Conflict - 每个appKey仅可配置一个feed和一个hook,共享同一个appKey的不同用户会访问同一个feed/hook。
| Feed | Hook | |
|---|---|---|
| 模式 | 拉取(主动) | 推送(被动响应) |
| 可扩展性 | 自主控制消费量级 | 需要支持任意量级的请求 |
| 可靠性 | 事件持久化保存在队列中 | 服务需要始终可用 |
| 适用场景 | 吞吐量有限的ERP | 高性能中间件 |
Hook通知Payload:
json
{
"Domain": "Marketplace",
"OrderId": "v40484048naf-01",
"State": "payment-approved",
"LastChange": "2019-07-29T23:17:30.0617185Z",
"Origin": {
"Account": "accountABC",
"Key": "vtexappkey-keyEDF"
}
}Payload仅包含订单ID和状态,不包含完整订单数据,你的集成需要调用接口获取完整的订单详情。
GET /api/oms/pvt/orders/{orderId}架构/数据流:
text
VTEX OMS 你的集成服务
│ │
│── 订单状态变更 ──────────────▶│ (Hook POST请求到你的URL)
│ │── 校验认证头
│ │── 校验幂等性 (orderId + State)
│◀── GET /api/oms/pvt/orders/{id} ─────│ (拉取完整订单信息)
│── 完整订单数据 ──────────────────▶│
│ │── 处理订单
│◀── HTTP 200 ─────────────────────────│ (必须在5000ms内响应)Hard constraints
硬性约束
Constraint: Validate Webhook Authentication
约束:校验Webhook身份认证
Your hook endpoint MUST validate the authentication headers sent by VTEX before processing any event. The and fields in the payload must match your expected values.
Origin.AccountOrigin.KeyWhy this matters
Without auth validation, any actor can send fake order events to your endpoint, triggering unauthorized fulfillment actions, data corruption, or financial losses.
Detection
If you see a hook endpoint handler that processes events without checking , , or custom headers → STOP and add authentication validation.
Origin.AccountOrigin.KeyCorrect
typescript
import { RequestHandler } from "express";
interface HookPayload {
Domain: string;
OrderId: string;
State: string;
LastChange: string;
Origin: {
Account: string;
Key: string;
};
}
interface HookConfig {
expectedAccount: string;
expectedAppKey: string;
customHeaderKey: string;
customHeaderValue: string;
}
function createHookHandler(config: HookConfig): RequestHandler {
return async (req, res) => {
const payload: HookPayload = req.body;
// Handle VTEX ping during hook configuration
if (payload && "hookConfig" in payload) {
res.status(200).json({ success: true });
return;
}
// Validate Origin credentials
if (
payload.Origin?.Account !== config.expectedAccount ||
payload.Origin?.Key !== config.expectedAppKey
) {
console.error("Unauthorized hook event", {
receivedAccount: payload.Origin?.Account,
receivedKey: payload.Origin?.Key,
});
res.status(401).json({ error: "Unauthorized" });
return;
}
// Validate custom header (configured during hook setup)
if (req.headers[config.customHeaderKey.toLowerCase()] !== config.customHeaderValue) {
console.error("Invalid custom header");
res.status(401).json({ error: "Unauthorized" });
return;
}
// Process the event
await processOrderEvent(payload);
res.status(200).json({ success: true });
};
}
async function processOrderEvent(payload: HookPayload): Promise<void> {
console.log(`Processing order ${payload.OrderId} in state ${payload.State}`);
}Wrong
typescript
// WRONG: No authentication validation — accepts events from anyone
const unsafeHookHandler: RequestHandler = async (req, res) => {
const payload: HookPayload = req.body;
// Directly processing without checking Origin or headers
// Any actor can POST fake events and trigger unauthorized actions
await processOrderEvent(payload);
res.status(200).json({ success: true });
};你的Hook接口必须在处理任何事件前校验VTEX发送的身份认证头,Payload中的和字段必须和你的预期值匹配。
Origin.AccountOrigin.Key重要性
如果不做身份校验,任何主体都可以向你的接口发送伪造的订单事件,触发未授权的履约操作、数据损坏或者经济损失。
问题排查
如果你发现Hook接口处理程序没有校验、或者自定义头就直接处理事件→立即停止开发,添加身份校验逻辑。
Origin.AccountOrigin.Key正确示例
typescript
import { RequestHandler } from "express";
interface HookPayload {
Domain: string;
OrderId: string;
State: string;
LastChange: string;
Origin: {
Account: string;
Key: string;
};
}
interface HookConfig {
expectedAccount: string;
expectedAppKey: string;
customHeaderKey: string;
customHeaderValue: string;
}
function createHookHandler(config: HookConfig): RequestHandler {
return async (req, res) => {
const payload: HookPayload = req.body;
// 处理Hook配置阶段VTEX发送的ping请求
if (payload && "hookConfig" in payload) {
res.status(200).json({ success: true });
return;
}
// 校验Origin凭证
if (
payload.Origin?.Account !== config.expectedAccount ||
payload.Origin?.Key !== config.expectedAppKey
) {
console.error("未授权的Hook事件", {
receivedAccount: payload.Origin?.Account,
receivedKey: payload.Origin?.Key,
});
res.status(401).json({ error: "Unauthorized" });
return;
}
// 校验自定义头(Hook配置阶段设置)
if (req.headers[config.customHeaderKey.toLowerCase()] !== config.customHeaderValue) {
console.error(「自定义头无效」);
res.status(401).json({ error: "Unauthorized" });
return;
}
// 处理事件
await processOrderEvent(payload);
res.status(200).json({ success: true });
};
}
async function processOrderEvent(payload: HookPayload): Promise<void> {
console.log(`Processing order ${payload.OrderId} in state ${payload.State}`);
}错误示例
typescript
// 错误:没有身份校验——接受任意来源的事件
const unsafeHookHandler: RequestHandler = async (req, res) => {
const payload: HookPayload = req.body;
// 没有校验Origin或头就直接处理
// 任何主体都可以POST伪造事件触发未授权操作
await processOrderEvent(payload);
res.status(200).json({ success: true });
};Constraint: Process Events Idempotently
约束:以幂等方式处理事件
Your integration MUST process order events idempotently. Use the combination of + + as a deduplication key to prevent duplicate processing.
OrderIdStateLastChangeWhy this matters
VTEX may deliver the same hook notification multiple times (at-least-once delivery). Without idempotency, duplicate processing can result in double fulfillment, duplicate invoices, or inconsistent state.
Detection
If you see an order event handler without an duplicate check or deduplication mechanism → warn about idempotency. If the handler directly mutates state without checking if the event was already processed → warn.
orderIdCorrect
typescript
interface ProcessedEvent {
orderId: string;
state: string;
lastChange: string;
processedAt: Date;
}
// In-memory store for example — use Redis or database in production
const processedEvents = new Map<string, ProcessedEvent>();
function buildDeduplicationKey(payload: HookPayload): string {
return `${payload.OrderId}:${payload.State}:${payload.LastChange}`;
}
async function idempotentProcessEvent(payload: HookPayload): Promise<boolean> {
const deduplicationKey = buildDeduplicationKey(payload);
// Check if this exact event was already processed
if (processedEvents.has(deduplicationKey)) {
console.log(`Event already processed: ${deduplicationKey}`);
return false; // Skip — already handled
}
// Mark as processing (with TTL in production)
processedEvents.set(deduplicationKey, {
orderId: payload.OrderId,
state: payload.State,
lastChange: payload.LastChange,
processedAt: new Date(),
});
try {
await handleOrderStateChange(payload.OrderId, payload.State);
return true;
} catch (error) {
// Remove from processed set so it can be retried
processedEvents.delete(deduplicationKey);
throw error;
}
}
async function handleOrderStateChange(orderId: string, state: string): Promise<void> {
switch (state) {
case "ready-for-handling":
await startOrderFulfillment(orderId);
break;
case "handling":
await updateOrderInERP(orderId, "in_progress");
break;
case "invoiced":
await confirmOrderShipped(orderId);
break;
case "cancel":
await cancelOrderInERP(orderId);
break;
default:
console.log(`Unhandled state: ${state} for order ${orderId}`);
}
}
async function startOrderFulfillment(orderId: string): Promise<void> {
console.log(`Starting fulfillment for ${orderId}`);
}
async function updateOrderInERP(orderId: string, status: string): Promise<void> {
console.log(`Updating ERP: ${orderId} → ${status}`);
}
async function confirmOrderShipped(orderId: string): Promise<void> {
console.log(`Confirming shipment for ${orderId}`);
}
async function cancelOrderInERP(orderId: string): Promise<void> {
console.log(`Canceling order ${orderId} in ERP`);
}Wrong
typescript
// WRONG: No deduplication — processes every event even if already handled
async function processWithoutIdempotency(payload: HookPayload): Promise<void> {
// If VTEX sends the same event twice, this creates duplicate records
await database.insert("fulfillment_tasks", {
orderId: payload.OrderId,
state: payload.State,
createdAt: new Date(),
});
// Duplicate fulfillment task created — items may ship twice
await triggerFulfillment(payload.OrderId);
}
async function triggerFulfillment(orderId: string): Promise<void> {
console.log(`Fulfilling ${orderId}`);
}
const database = {
insert: async (table: string, data: Record<string, unknown>) => {
console.log(`Inserting into ${table}:`, data);
},
};你的集成必须以幂等方式处理订单事件,使用 + + 的组合作为去重键,避免重复处理。
OrderIdStateLastChange重要性
VTEX可能会多次投递同一个Hook通知(至少一次投递语义),没有幂等性的话,重复处理会导致重复发货、重复开票或者状态不一致。
问题排查
如果你发现订单事件处理程序没有重复校验或者去重机制→发出幂等性警告;如果处理程序没有检查事件是否已经处理就直接修改状态→发出警告。
orderId正确示例
typescript
interface ProcessedEvent {
orderId: string;
state: string;
lastChange: string;
processedAt: Date;
}
// 示例使用内存存储——生产环境请使用Redis或数据库
const processedEvents = new Map<string, ProcessedEvent>();
function buildDeduplicationKey(payload: HookPayload): string {
return `${payload.OrderId}:${payload.State}:${payload.LastChange}`;
}
async function idempotentProcessEvent(payload: HookPayload): Promise<boolean> {
const deduplicationKey = buildDeduplicationKey(payload);
// 检查当前事件是否已经处理过
if (processedEvents.has(deduplicationKey)) {
console.log(`Event already processed: ${deduplicationKey}`);
return false; // 跳过——已经处理过
}
// 标记为处理中(生产环境要设置TTL)
processedEvents.set(deduplicationKey, {
orderId: payload.OrderId,
state: payload.State,
lastChange: payload.LastChange,
processedAt: new Date(),
});
try {
await handleOrderStateChange(payload.OrderId, payload.State);
return true;
} catch (error) {
// 从已处理集合中移除,方便后续重试
processedEvents.delete(deduplicationKey);
throw error;
}
}
async function handleOrderStateChange(orderId: string, state: string): Promise<void> {
switch (state) {
case "ready-for-handling":
await startOrderFulfillment(orderId);
break;
case "handling":
await updateOrderInERP(orderId, "in_progress");
break;
case "invoiced":
await confirmOrderShipped(orderId);
break;
case "cancel":
await cancelOrderInERP(orderId);
break;
default:
console.log(`Unhandled state: ${state} for order ${orderId}`);
}
}
async function startOrderFulfillment(orderId: string): Promise<void> {
console.log(`Starting fulfillment for ${orderId}`);
}
async function updateOrderInERP(orderId: string, status: string): Promise<void> {
console.log(`Updating ERP: ${orderId} → ${status}`);
}
async function confirmOrderShipped(orderId: string): Promise<void> {
console.log(`Confirming shipment for ${orderId}`);
}
async function cancelOrderInERP(orderId: string): Promise<void> {
console.log(`Canceling order ${orderId} in ERP`);
}错误示例
typescript
// 错误:没有去重逻辑——即使事件已经处理过也会重复执行
async function processWithoutIdempotency(payload: HookPayload): Promise<void> {
// 如果VTEX发送两次相同事件,会创建重复记录
await database.insert("fulfillment_tasks", {
orderId: payload.OrderId,
state: payload.State,
createdAt: new Date(),
});
// 创建了重复的履约任务——商品可能会被发两次
await triggerFulfillment(payload.OrderId);
}
async function triggerFulfillment(orderId: string): Promise<void> {
console.log(`Fulfilling ${orderId}`);
}
const database = {
insert: async (table: string, data: Record<string, unknown>) => {
console.log(`Inserting into ${table}:`, data);
},
};Constraint: Handle All Order Statuses
约束:处理所有订单状态
Your integration MUST handle all possible order statuses, including . Unrecognized statuses must be logged but not crash the integration.
Status NullWhy this matters
VTEX documents warn that may be unidentified and end up being mapped as another status, potentially leading to errors. Missing a status in your handler can cause orders to get stuck or lost.
Status NullDetection
If you see a status handler that only covers 2-3 statuses without a default/fallback case → warn about incomplete status handling.
Correct
typescript
type OrderStatus =
| "order-created"
| "order-completed"
| "on-order-completed"
| "payment-pending"
| "waiting-for-order-authorization"
| "approve-payment"
| "payment-approved"
| "payment-denied"
| "request-cancel"
| "waiting-for-seller-decision"
| "authorize-fulfillment"
| "order-create-error"
| "order-creation-error"
| "window-to-cancel"
| "ready-for-handling"
| "start-handling"
| "handling"
| "invoice-after-cancellation-deny"
| "order-accepted"
| "invoiced"
| "cancel"
| "canceled";
async function handleAllStatuses(orderId: string, state: string): Promise<void> {
switch (state) {
case "ready-for-handling":
case "start-handling":
await notifyWarehouse(orderId, "prepare");
break;
case "handling":
await updateFulfillmentStatus(orderId, "in_progress");
break;
case "invoiced":
await markAsShipped(orderId);
break;
case "cancel":
case "canceled":
case "request-cancel":
await handleCancellation(orderId, state);
break;
case "payment-approved":
await confirmPaymentReceived(orderId);
break;
case "payment-denied":
await handlePaymentFailure(orderId);
break;
default:
// CRITICAL: Log unknown statuses instead of crashing
console.warn(`Unknown or unhandled order status: "${state}" for order ${orderId}`);
await logUnhandledStatus(orderId, state);
break;
}
}
async function notifyWarehouse(orderId: string, action: string): Promise<void> {
console.log(`Warehouse notification: ${orderId} → ${action}`);
}
async function updateFulfillmentStatus(orderId: string, status: string): Promise<void> {
console.log(`Fulfillment status: ${orderId} → ${status}`);
}
async function markAsShipped(orderId: string): Promise<void> {
console.log(`Shipped: ${orderId}`);
}
async function handleCancellation(orderId: string, state: string): Promise<void> {
console.log(`Cancellation: ${orderId} (${state})`);
}
async function confirmPaymentReceived(orderId: string): Promise<void> {
console.log(`Payment received: ${orderId}`);
}
async function handlePaymentFailure(orderId: string): Promise<void> {
console.log(`Payment failed: ${orderId}`);
}
async function logUnhandledStatus(orderId: string, state: string): Promise<void> {
console.log(`UNHANDLED: ${orderId} → ${state}`);
}Wrong
typescript
// WRONG: Only handles 2 statuses, no fallback for unknown statuses
async function incompleteHandler(orderId: string, state: string): Promise<void> {
if (state === "ready-for-handling") {
await startOrderFulfillment(orderId);
} else if (state === "invoiced") {
await confirmOrderShipped(orderId);
}
// All other statuses silently ignored — orders get lost
// "cancel" events never processed — canceled orders still ship
// "Status Null" could be misinterpreted
}你的集成必须处理所有可能的订单状态,包括。无法识别的状态必须做日志记录,但不能导致集成崩溃。
Status Null重要性
VTEX文档提示可能是未识别状态,最终可能会映射为其他状态,容易引发错误。处理程序遗漏状态会导致订单卡住或者丢失。
Status Null问题排查
如果你发现状态处理程序仅覆盖了2-3种状态,没有默认/兜底分支→发出状态处理不完整的警告。
正确示例
typescript
type OrderStatus =
| "order-created"
| "order-completed"
| "on-order-completed"
| "payment-pending"
| "waiting-for-order-authorization"
| "approve-payment"
| "payment-approved"
| "payment-denied"
| "request-cancel"
| "waiting-for-seller-decision"
| "authorize-fulfillment"
| "order-create-error"
| "order-creation-error"
| "window-to-cancel"
| "ready-for-handling"
| "start-handling"
| "handling"
| "invoice-after-cancellation-deny"
| "order-accepted"
| "invoiced"
| "cancel"
| "canceled";
async function handleAllStatuses(orderId: string, state: string): Promise<void> {
switch (state) {
case "ready-for-handling":
case "start-handling":
await notifyWarehouse(orderId, "prepare");
break;
case "handling":
await updateFulfillmentStatus(orderId, "in_progress");
break;
case "invoiced":
await markAsShipped(orderId);
break;
case "cancel":
case "canceled":
case "request-cancel":
await handleCancellation(orderId, state);
break;
case "payment-approved":
await confirmPaymentReceived(orderId);
break;
case "payment-denied":
await handlePaymentFailure(orderId);
break;
default:
// 关键:记录未知状态,不要崩溃
console.warn(`Unknown or unhandled order status: "${state}" for order ${orderId}`);
await logUnhandledStatus(orderId, state);
break;
}
}
async function notifyWarehouse(orderId: string, action: string): Promise<void> {
console.log(`Warehouse notification: ${orderId} → ${action}`);
}
async function updateFulfillmentStatus(orderId: string, status: string): Promise<void> {
console.log(`Fulfillment status: ${orderId} → ${status}`);
}
async function markAsShipped(orderId: string): Promise<void> {
console.log(`Shipped: ${orderId}`);
}
async function handleCancellation(orderId: string, state: string): Promise<void> {
console.log(`Cancellation: ${orderId} (${state})`);
}
async function confirmPaymentReceived(orderId: string): Promise<void> {
console.log(`Payment received: ${orderId}`);
}
async function handlePaymentFailure(orderId: string): Promise<void> {
console.log(`Payment failed: ${orderId}`);
}
async function logUnhandledStatus(orderId: string, state: string): Promise<void> {
console.log(`UNHANDLED: ${orderId} → ${state}`);
}错误示例
typescript
// 错误:仅处理2种状态,没有未知状态兜底
async function incompleteHandler(orderId: string, state: string): Promise<void> {
if (state === "ready-for-handling") {
await startOrderFulfillment(orderId);
} else if (state === "invoiced") {
await confirmOrderShipped(orderId);
}
// 其他所有状态都会被静默忽略——订单丢失
// 「cancel」事件永远不会被处理——已取消的订单仍会发货
// 「Status Null」可能会被错误解读
}Preferred pattern
推荐实践模式
Configure the Hook
配置Hook
Set up the hook with appropriate filters and your endpoint URL.
typescript
import axios, { AxiosInstance } from "axios";
interface HookSetupConfig {
accountName: string;
appKey: string;
appToken: string;
hookUrl: string;
hookHeaderKey: string;
hookHeaderValue: string;
filterStatuses: string[];
}
async function configureOrderHook(config: HookSetupConfig): Promise<void> {
const client: AxiosInstance = axios.create({
baseURL: `https://${config.accountName}.vtexcommercestable.com.br`,
headers: {
"Content-Type": "application/json",
"X-VTEX-API-AppKey": config.appKey,
"X-VTEX-API-AppToken": config.appToken,
},
});
const hookConfig = {
filter: {
type: "FromWorkflow",
status: config.filterStatuses,
},
hook: {
url: config.hookUrl,
headers: {
[config.hookHeaderKey]: config.hookHeaderValue,
},
},
};
await client.post("/api/orders/hook/config", hookConfig);
console.log("Hook configured successfully");
}
// Example usage:
await configureOrderHook({
accountName: "mymarketplace",
appKey: process.env.VTEX_APP_KEY!,
appToken: process.env.VTEX_APP_TOKEN!,
hookUrl: "https://my-integration.example.com/vtex/order-hook",
hookHeaderKey: "X-Integration-Secret",
hookHeaderValue: process.env.HOOK_SECRET!,
filterStatuses: [
"ready-for-handling",
"start-handling",
"handling",
"invoiced",
"cancel",
],
});使用合适的过滤器和你的接口URL设置Hook。
typescript
import axios, { AxiosInstance } from "axios";
interface HookSetupConfig {
accountName: string;
appKey: string;
appToken: string;
hookUrl: string;
hookHeaderKey: string;
hookHeaderValue: string;
filterStatuses: string[];
}
async function configureOrderHook(config: HookSetupConfig): Promise<void> {
const client: AxiosInstance = axios.create({
baseURL: `https://${config.accountName}.vtexcommercestable.com.br`,
headers: {
"Content-Type": "application/json",
"X-VTEX-API-AppKey": config.appKey,
"X-VTEX-API-AppToken": config.appToken,
},
});
const hookConfig = {
filter: {
type: "FromWorkflow",
status: config.filterStatuses,
},
hook: {
url: config.hookUrl,
headers: {
[config.hookHeaderKey]: config.hookHeaderValue,
},
},
};
await client.post("/api/orders/hook/config", hookConfig);
console.log("Hook configured successfully");
}
// 示例用法:
await configureOrderHook({
accountName: "mymarketplace",
appKey: process.env.VTEX_APP_KEY!,
appToken: process.env.VTEX_APP_TOKEN!,
hookUrl: "https://my-integration.example.com/vtex/order-hook",
hookHeaderKey: "X-Integration-Secret",
hookHeaderValue: process.env.HOOK_SECRET!,
filterStatuses: [
"ready-for-handling",
"start-handling",
"handling",
"invoiced",
"cancel",
],
});Build the Hook Endpoint with Auth and Idempotency
构建带身份认证和幂等处理的Hook接口
typescript
import express from "express";
const app = express();
app.use(express.json());
const hookConfig: HookConfig = {
expectedAccount: process.env.VTEX_ACCOUNT_NAME!,
expectedAppKey: process.env.VTEX_APP_KEY!,
customHeaderKey: "X-Integration-Secret",
customHeaderValue: process.env.HOOK_SECRET!,
};
app.post("/vtex/order-hook", createHookHandler(hookConfig));
// The createHookHandler and idempotentProcessEvent functions
// from the Hard constraints section above handle auth + deduplicationtypescript
import express from "express";
const app = express();
app.use(express.json());
const hookConfig: HookConfig = {
expectedAccount: process.env.VTEX_ACCOUNT_NAME!,
expectedAppKey: process.env.VTEX_APP_KEY!,
customHeaderKey: "X-Integration-Secret",
customHeaderValue: process.env.HOOK_SECRET!,
};
app.post("/vtex/order-hook", createHookHandler(hookConfig));
// 上文中硬性约束部分的createHookHandler和idempotentProcessEvent函数
// 会处理身份认证+去重逻辑Fetch Full Order Data and Process
拉取完整订单数据并处理
After receiving the hook notification, fetch the complete order data for processing.
typescript
interface VtexOrder {
orderId: string;
status: string;
items: Array<{
id: string;
productId: string;
name: string;
quantity: number;
price: number;
sellingPrice: number;
}>;
clientProfileData: {
email: string;
firstName: string;
lastName: string;
document: string;
};
shippingData: {
address: {
postalCode: string;
city: string;
state: string;
country: string;
street: string;
number: string;
};
logisticsInfo: Array<{
itemIndex: number;
selectedSla: string;
shippingEstimate: string;
}>;
};
totals: Array<{
id: string;
name: string;
value: number;
}>;
value: number;
}
async function fetchAndProcessOrder(
client: AxiosInstance,
orderId: string,
state: string
): Promise<void> {
const response = await client.get<VtexOrder>(
`/api/oms/pvt/orders/${orderId}`
);
const order = response.data;
switch (state) {
case "ready-for-handling":
await createFulfillmentTask({
orderId: order.orderId,
items: order.items.map((item) => ({
skuId: item.id,
name: item.name,
quantity: item.quantity,
})),
shippingAddress: order.shippingData.address,
estimatedDelivery: order.shippingData.logisticsInfo[0]?.shippingEstimate,
});
break;
case "cancel":
await cancelFulfillmentTask(order.orderId);
break;
default:
console.log(`Order ${orderId}: state=${state}, no action needed`);
}
}
async function createFulfillmentTask(task: Record<string, unknown>): Promise<void> {
console.log("Creating fulfillment task:", task);
}
async function cancelFulfillmentTask(orderId: string): Promise<void> {
console.log("Canceling fulfillment task:", orderId);
}收到Hook通知后,拉取完整订单数据进行处理。
typescript
interface VtexOrder {
orderId: string;
status: string;
items: Array<{
id: string;
productId: string;
name: string;
quantity: number;
price: number;
sellingPrice: number;
}>;
clientProfileData: {
email: string;
firstName: string;
lastName: string;
document: string;
};
shippingData: {
address: {
postalCode: string;
city: string;
state: string;
country: string;
street: string;
number: string;
};
logisticsInfo: Array<{
itemIndex: number;
selectedSla: string;
shippingEstimate: string;
}>;
};
totals: Array<{
id: string;
name: string;
value: number;
}>;
value: number;
}
async function fetchAndProcessOrder(
client: AxiosInstance,
orderId: string,
state: string
): Promise<void> {
const response = await client.get<VtexOrder>(
`/api/oms/pvt/orders/${orderId}`
);
const order = response.data;
switch (state) {
case "ready-for-handling":
await createFulfillmentTask({
orderId: order.orderId,
items: order.items.map((item) => ({
skuId: item.id,
name: item.name,
quantity: item.quantity,
})),
shippingAddress: order.shippingData.address,
estimatedDelivery: order.shippingData.logisticsInfo[0]?.shippingEstimate,
});
break;
case "cancel":
await cancelFulfillmentTask(order.orderId);
break;
default:
console.log(`Order ${orderId}: state=${state}, no action needed`);
}
}
async function createFulfillmentTask(task: Record<string, unknown>): Promise<void> {
console.log("Creating fulfillment task:", task);
}
async function cancelFulfillmentTask(orderId: string): Promise<void> {
console.log("Canceling fulfillment task:", orderId);
}Implement Feed as Fallback
实现Feed作为兜底方案
Use Feed v3 as a backup to catch any events the hook might miss during downtime.
typescript
async function pollFeedAsBackup(client: AxiosInstance): Promise<void> {
const feedResponse = await client.get<Array<{
eventId: string;
handle: string;
domain: string;
state: string;
orderId: string;
lastChange: string;
}>>("/api/orders/feed");
const events = feedResponse.data;
if (events.length === 0) {
return; // No events in queue
}
const handlesToCommit: string[] = [];
for (const event of events) {
try {
await fetchAndProcessOrder(client, event.orderId, event.state);
handlesToCommit.push(event.handle);
} catch (error) {
console.error(`Failed to process feed event for ${event.orderId}:`, error);
// Don't commit failed events — they'll return to the queue after visibility timeout
}
}
// Commit successfully processed events
if (handlesToCommit.length > 0) {
await client.post("/api/orders/feed", {
handles: handlesToCommit,
});
}
}
// Run feed polling on a schedule (e.g., every 2 minutes)
setInterval(async () => {
try {
const client = createVtexClient();
await pollFeedAsBackup(client);
} catch (error) {
console.error("Feed polling error:", error);
}
}, 120000); // 2 minutes
function createVtexClient(): AxiosInstance {
return axios.create({
baseURL: `https://${process.env.VTEX_ACCOUNT_NAME}.vtexcommercestable.com.br`,
headers: {
"X-VTEX-API-AppKey": process.env.VTEX_APP_KEY!,
"X-VTEX-API-AppToken": process.env.VTEX_APP_TOKEN!,
},
});
}使用Feed v3作为备份,捕获Hook在服务宕机期间遗漏的任何事件。
typescript
async function pollFeedAsBackup(client: AxiosInstance): Promise<void> {
const feedResponse = await client.get<Array<{
eventId: string;
handle: string;
domain: string;
state: string;
orderId: string;
lastChange: string;
}>>("/api/orders/feed");
const events = feedResponse.data;
if (events.length === 0) {
return; // 队列中没有事件
}
const handlesToCommit: string[] = [];
for (const event of events) {
try {
await fetchAndProcessOrder(client, event.orderId, event.state);
handlesToCommit.push(event.handle);
} catch (error) {
console.error(`Failed to process feed event for ${event.orderId}:`, error);
// 不提交处理失败的事件——可见性超时后它们会回到队列
}
}
// 提交处理成功的事件
if (handlesToCommit.length > 0) {
await client.post("/api/orders/feed", {
handles: handlesToCommit,
});
}
}
// 定时运行Feed轮询(比如每2分钟一次)
setInterval(async () => {
try {
const client = createVtexClient();
await pollFeedAsBackup(client);
} catch (error) {
console.error("Feed polling error:", error);
}
}, 120000); // 2分钟
function createVtexClient(): AxiosInstance {
return axios.create({
baseURL: `https://${process.env.VTEX_ACCOUNT_NAME}.vtexcommercestable.com.br`,
headers: {
"X-VTEX-API-AppKey": process.env.VTEX_APP_KEY!,
"X-VTEX-API-AppToken": process.env.VTEX_APP_TOKEN!,
},
});
}Complete Example
完整示例
typescript
import express from "express";
import axios, { AxiosInstance } from "axios";
// 1. Configure hook
async function setupIntegration(): Promise<void> {
await configureOrderHook({
accountName: process.env.VTEX_ACCOUNT_NAME!,
appKey: process.env.VTEX_APP_KEY!,
appToken: process.env.VTEX_APP_TOKEN!,
hookUrl: `${process.env.BASE_URL}/vtex/order-hook`,
hookHeaderKey: "X-Integration-Secret",
hookHeaderValue: process.env.HOOK_SECRET!,
filterStatuses: [
"ready-for-handling",
"handling",
"invoiced",
"cancel",
],
});
}
// 2. Start webhook server
const app = express();
app.use(express.json());
const hookHandler = createHookHandler({
expectedAccount: process.env.VTEX_ACCOUNT_NAME!,
expectedAppKey: process.env.VTEX_APP_KEY!,
customHeaderKey: "X-Integration-Secret",
customHeaderValue: process.env.HOOK_SECRET!,
});
app.post("/vtex/order-hook", hookHandler);
// 3. Health check for VTEX ping
app.get("/health", (_req, res) => res.status(200).json({ status: "ok" }));
// 4. Start feed polling as backup
setInterval(async () => {
try {
const client = createVtexClient();
await pollFeedAsBackup(client);
} catch (error) {
console.error("Feed backup polling error:", error);
}
}, 120000);
app.listen(3000, () => {
console.log("Order integration running on port 3000");
setupIntegration().catch(console.error);
});typescript
import express from "express";
import axios, { AxiosInstance } from "axios";
// 1. 配置Hook
async function setupIntegration(): Promise<void> {
await configureOrderHook({
accountName: process.env.VTEX_ACCOUNT_NAME!,
appKey: process.env.VTEX_APP_KEY!,
appToken: process.env.VTEX_APP_TOKEN!,
hookUrl: `${process.env.BASE_URL}/vtex/order-hook`,
hookHeaderKey: "X-Integration-Secret",
hookHeaderValue: process.env.HOOK_SECRET!,
filterStatuses: [
"ready-for-handling",
"handling",
"invoiced",
"cancel",
],
});
}
// 2. 启动webhook服务
const app = express();
app.use(express.json());
const hookHandler = createHookHandler({
expectedAccount: process.env.VTEX_ACCOUNT_NAME!,
expectedAppKey: process.env.VTEX_APP_KEY!,
customHeaderKey: "X-Integration-Secret",
customHeaderValue: process.env.HOOK_SECRET!,
});
app.post("/vtex/order-hook", hookHandler);
// 3. VTEX ping健康检查接口
app.get("/health", (_req, res) => res.status(200).json({ status: "ok" }));
// 4. 启动Feed轮询作为兜底
setInterval(async () => {
try {
const client = createVtexClient();
await pollFeedAsBackup(client);
} catch (error) {
console.error("Feed backup polling error:", error);
}
}, 120000);
app.listen(3000, () => {
console.log("Order integration running on port 3000");
setupIntegration().catch(console.error);
});Common failure modes
常见失败场景
-
Using List Orders API instead of Feed/Hook. Theendpoint depends on indexing, which can lag behind real-time updates. It's slower, less reliable, and more likely to hit rate limits when polled frequently. Feed v3 runs before indexing and doesn't depend on it. Use Feed v3 or Hook for order change detection; use List Orders only for ad-hoc queries.
GET /api/oms/pvt/orders -
Blocking hook response with long processing. VTEX requires the hook endpoint to respond with HTTP 200 within 5000ms. If processing takes longer (e.g., ERP sync, complex database writes), VTEX considers the delivery failed and retries with increasing delays. Repeated failures can lead to hook deactivation. Acknowledge the event immediately, then process asynchronously via a queue.
typescript
import { RequestHandler } from "express";
// Correct: Acknowledge immediately, process async
const asyncHookHandler: RequestHandler = async (req, res) => {
const payload: HookPayload = req.body;
// Validate auth (fast operation)
if (!validateAuth(payload, req.headers)) {
res.status(401).json({ error: "Unauthorized" });
return;
}
// Enqueue for async processing (fast operation)
await enqueueOrderEvent(payload);
// Respond immediately — well within 5000ms
res.status(200).json({ received: true });
};
function validateAuth(
payload: HookPayload,
headers: Record<string, unknown>
): boolean {
return (
payload.Origin?.Account === process.env.VTEX_ACCOUNT_NAME &&
headers["x-integration-secret"] === process.env.HOOK_SECRET
);
}
async function enqueueOrderEvent(payload: HookPayload): Promise<void> {
// Use a message queue (SQS, RabbitMQ, Redis, etc.)
console.log(`Enqueued order event: ${payload.OrderId}`);
}-
使用订单列表API替代Feed/Hook。接口依赖索引,实时更新会有延迟,频繁轮询时速度更慢、可靠性更低,也更容易触发限流。Feed v3在索引生成前运行,不依赖索引,订单变更检测请使用Feed v3或Hook,仅在临时查询时使用订单列表接口。
GET /api/oms/pvt/orders -
长处理逻辑阻塞Hook响应。VTEX要求Hook接口必须在5000ms内返回HTTP 200响应。如果处理时间较长(比如ERP同步、复杂数据库写入),VTEX会认为投递失败,会以递增的延迟重试,重复失败可能会导致Hook被停用。请立即确认事件接收,再通过队列异步处理逻辑。
typescript
import { RequestHandler } from "express";
// 正确:立即确认接收,异步处理
const asyncHookHandler: RequestHandler = async (req, res) => {
const payload: HookPayload = req.body;
// 校验身份(快速操作)
if (!validateAuth(payload, req.headers)) {
res.status(401).json({ error: "Unauthorized" });
return;
}
// 加入队列异步处理(快速操作)
await enqueueOrderEvent(payload);
// 立即响应——远低于5000ms要求
res.status(200).json({ received: true });
};
function validateAuth(
payload: HookPayload,
headers: Record<string, unknown>
): boolean {
return (
payload.Origin?.Account === process.env.VTEX_ACCOUNT_NAME &&
headers["x-integration-secret"] === process.env.HOOK_SECRET
);
}
async function enqueueOrderEvent(payload: HookPayload): Promise<void> {
// 使用消息队列(SQS、RabbitMQ、Redis等)
console.log(`Enqueued order event: ${payload.OrderId}`);
}Review checklist
审核检查清单
- Is the correct delivery model chosen (Feed for controlled throughput, Hook for real-time)?
- Does the hook endpoint validate ,
Origin.Account, and custom headers?Origin.Key - Is event processing idempotent using +
OrderId+Stateas deduplication key?LastChange - Does the status handler cover all order statuses with a default/fallback case?
- Does the hook endpoint respond within 5000ms (using async processing for heavy work)?
- Is Feed v3 configured as a backup to catch missed hook events?
- Are filter types not mixed (FromWorkflow and FromOrders are mutually exclusive)?
- 是否选择了正确的交付模型(Feed用于可控吞吐量场景,Hook用于实时场景)?
- Hook接口是否校验了、
Origin.Account和自定义头?Origin.Key - 是否使用+
OrderId+State作为去重键实现了事件处理幂等性?LastChange - 状态处理程序是否覆盖了所有订单状态,包含默认/兜底分支?
- Hook接口是否在5000ms内响应(重负载逻辑使用异步处理)?
- 是否配置了Feed v3作为兜底捕获遗漏的Hook事件?
- 是否没有混用过滤器类型(FromWorkflow和FromOrders互斥)?
Reference
参考资料
- Feed v3 Guide — Complete guide to Feed and Hook configuration, filter types, and best practices
- Orders API - Feed v3 Endpoints — API reference for feed retrieval and commit
- Hook Configuration API — API reference for creating and updating hook configuration
- Orders Overview — Overview of the VTEX Orders module
- Order Flow and Status — Complete list of order statuses and transitions
- ERP Integration - Set Up Order Integration — Guide for integrating order feed with back-office systems
- Feed v3指南 — Feed和Hook配置、过滤器类型、最佳实践的完整指南
- 订单API - Feed v3端点 — Feed拉取和提交的API参考
- Hook配置API — 创建和更新Hook配置的API参考
- 订单概览 — VTEX订单模块概览
- 订单流程与状态 — 订单状态和流转的完整列表
- ERP集成 - 搭建订单集成 — 将订单Feed与后台系统集成的指南