There are three ways to start receiving checkout events, depending on who you are:
  • No-code (Zapier): route events into another app without writing code.
  • App builders (recommended for developers): create an app, then add your endpoint in the App Store Events tab. No code is required, and you create the app anyway.
  • Fanvue API: manage subscriptions programmatically.
The app flow (Option 2) and the API flow (Option 3) both authorize with the OAuth read:creator scope and deliver the same events to the creator’s tenant; pick whichever fits how you build. Creators reach the no-code and connector flows from Configure webhooks in the dashboard, which links out to the Zapier app or to creating a developer app. There is no endpoint or secret to manage inside the Fanvue UI itself.

Option 1: Zapier

Use the official Fanvue Zapier integration when you want to route checkout events into another app (Sheets, Slack, a CRM) without writing code:
1. Pick the Fanvue trigger
   In Zapier, create a Zap and choose Fanvue as the trigger app, then pick a checkout trigger (for example New Checkout Payment).

2. Connect your account
   Connect your Fanvue account when prompted and approve the requested permissions.

3. Test and turn on
   Test the trigger, which pulls a sample event, then turn the Zap on.

Zapier subscribes and unsubscribes for you through the API below; you don’t manage URLs or secrets yourself. Each trigger you add is its own subscription.

Option 2: App builders

If you are building an integration you will create an app anyway, so the quickest path is to subscribe straight from it; no code required. After creating your app, open the App Store Events tab and:

1. Add your endpoint URL
   Enter the HTTPS URL where Fanvue should deliver events.

2. Pick the events
   Tick the checkout events you want (the Checkout links group), plus any platform events you need.

3. View your signing secret
   Copy the signing secret shown for the endpoint; you use it to verify deliveries.

App subscriptions authorize with the OAuth read:creator scope. See Webhooks Overview for the step-by-step setup and the full scope details.

Option 3: Fanvue API

For full programmatic control, manage subscriptions yourself with the Fanvue API. Requests use OAuth on behalf of a creator and require the read:creator scope. Subscriptions created this way deliver the same events as the app flow above. These endpoints live in the API Reference (they are generated from the OpenAPI spec).

Subscribe: POST /webhooks/subscriptions
curl -X POST https://api.fanvue.com/webhooks/subscriptions \
  -H "Authorization: Bearer <access_token>" \
  -H "X-Fanvue-API-Version: 2025-06-26" \
  -H "Content-Type: application/json" \
  -d '{
    "url": "https://example.com/webhooks/fanvue",
    "events": ["checkout_link.payment.succeeded", "checkout_link.subscription.activated"]
  }'

{
  "id": "b6f0e6d2-1f0a-4f1e-9b3a-1c2d3e4f5a6b",
  "signingSecret": "whsec_3b1f8a0c2d4e6f8091a2b3c4d5e6f70819a2b3c4d5e6f70819a2b3c4d5e6f708"
}

A single call subscribes one endpoint to one or more events and returns one signingSecret. Store it now, as it is only returned in this response.

List: GET /webhooks/subscriptions returns the subscriptions this OAuth client created for the creator.

Unsubscribe: DELETE /webhooks/subscriptions/{id} removes a subscription using the id returned at subscribe time.
curl -X DELETE https://api.fanvue.com/webhooks/subscriptions/b6f0e6d2-1f0a-4f1e-9b3a-1c2d3e4f5a6b \
  -H "Authorization: Bearer <access_token>" \
  -H "X-Fanvue-API-Version: 2025-06-26"
Subscribe to as many events as you need in a single call. They all deliver to the one endpoint and are signed with the one returned secret. You can still create separate subscriptions (for example, a different URL per event) if you prefer.

Verifying deliveries

Every checkout delivery is signed exactly like the platform event webhooks, with an X-Fanvue-Signature header (t=<timestamp>,v0=<hmac-sha256-hex>). The full header breakdown, verification flow, and Node and Python samples live in Verify Webhook Signatures, and the same code works for checkout deliveries.

Where your secret comes from depends on how you subscribed:
  • App: shown for your endpoint in the App Store Events tab.
  • API: returned as signingSecret in the subscribe response (above). Store it then; it is not returned again.
  • Zapier: handled by Zapier; you do not verify signatures yourself.
Always verify against the raw request body before parsing JSON, and return a 2xx as soon as you have received and persisted the event.
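
A sketch of the receive-side check described above, added here as an example and not taken from Fanvue's documentation or SDK. It assumes the signed string is `<t>.<raw body>`, that the full `whsec_...` string is the HMAC key, and a 300-second replay window; none of these are stated on this page, so confirm them in Verify Webhook Signatures. The sample secret, body and header are constructed.

```python
import hashlib
import hmac
import json
import time

TOLERANCE_SECONDS = 300  # ASSUMPTION: replay window, not stated on this page


def parse_signature_header(header):
    """Split 't=<timestamp>,v0=<hex>' into (timestamp, [v0 signatures])."""
    timestamp, signatures = None, []
    for part in header.split(","):
        key, _, value = part.strip().partition("=")
        if key == "t" and value.isdigit():
            timestamp = int(value)
        elif key == "v0":
            signatures.append(value)
    if timestamp is None or not signatures:
        raise ValueError("malformed X-Fanvue-Signature header")
    return timestamp, signatures


def verify_delivery(raw_body, header, secret, now=None):
    """Return the parsed event only if the HMAC over the raw bytes matches."""
    timestamp, signatures = parse_signature_header(header)
    now = time.time() if now is None else now
    if abs(now - timestamp) > TOLERANCE_SECONDS:
        raise ValueError("timestamp outside tolerance")
    # ASSUMPTION: signed payload is "<t>.<raw body>"; confirm in the docs.
    signed = str(timestamp).encode() + b"." + raw_body
    expected = hmac.new(secret.encode(), signed, hashlib.sha256).hexdigest()
    # compare_digest keeps the comparison constant-time.
    if not any(hmac.compare_digest(expected.encode(), s.encode())
               for s in signatures):
        raise ValueError("signature mismatch")
    return json.loads(raw_body)  # parse JSON only after verification


# Constructed sample delivery (not real Fanvue data; body shape is made up).
SECRET = "whsec_constructed_example_secret"
BODY = b'{"type": "checkout_link.payment.succeeded", "id": "evt_constructed"}'
T = 1750000000
SIG = hmac.new(SECRET.encode(), str(T).encode() + b"." + BODY,
               hashlib.sha256).hexdigest()
HEADER = f"t={T},v0={SIG}"
```

Pass the bytes exactly as read from the request; re-serialising parsed JSON before hashing changes whitespace and key order and makes valid deliveries fail.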