Test in sandbox
Use the sandbox to send test deliveries to your unified endpoint. This page shows how to trigger a test event, validate headers and signature, confirm 2xx acknowledgment, and debug failures.
Prerequisites
- A publicly reachable HTTPS callback URL that returns 2xx on success
- A sandbox subscription for at least one performance event (for example,
SELLER_PERFORMANCE_ALARMS) - Include the required
resourcevalue when subscribing. Use Get event types to confirm the exact value. - Access token with sandbox scope
- Logging enabled to capture request headers and the raw body
API reference: Test notification
Note: Availability of the Test notification endpoint may vary by account. If it is not enabled for your account, contact support to request a test delivery or subscribe in sandbox and validate with scheduled events.
Step 1. Confirm your sandbox subscription
Use Get all subscriptions and verify that your sandbox subscription includes the callback URL you plan to test.
# See the reference page above for the exact URL and parameters
curl -X GET "<GET_ALL_SUBSCRIPTIONS_ENDPOINT>" -H "WM_SEC.ACCESS_TOKEN: <sandbox_token>"
If you do not have a sandbox subscription yet, create one first:
- Create subscription
- Optional: Update subscription
Step 2. Send a test delivery
Use Test notificationto send a sample webhook. Your receiver must branch on payload.notificationType.
# See the reference page above for the exact URL and body schema
curl -X POST "<TEST_NOTIFICATION_ENDPOINT>" -H "Content-Type: application/json" -H "WM_SEC.ACCESS_TOKEN: <sandbox_token>" -d '{ "eventType": "SELLER_PERFORMANCE_NOTIFICATIONS", "endpointUrl": "https://example.com/webhooks/walmart/performance", "mode": "sandbox" }'
Expected result
Your endpoint receives an HTTP POST that follows the delivery format documented on the event pages, with the required headers and a payload.notificationType object. Return 2xx on success.
See examples in the Event catalog: Seller performance alarms, Seller performance report.
Timing
Expect ALARMS events at 6:00 AM PT daily and REPORT events at 5:00 AM PT Mondays.
Step 3. Verify headers and signature
Check that your logs captured the required headers. Validate the signature before processing.
Required headers:
WM_SEC.TIMESTAMPWM_SEC.SIGNATUREWM_SEC.KEY_ID(optional for secret rotation)
See Security and authenticity for the signature scheme and code samples.
Step 4. Validate success path
After a durable write:
- Return 200 or 202.
- Confirm your logs show a successful verification and an idempotent write using the documented delivery identifier (for example, a top-level
eventIdor a delivery header). - Confirm that your workflow or alert was created.
Step 5. Validate retry and error handling
Intentionally return a non-2xx once to confirm retry behavior:
- Observe that Walmart retries the delivery with backoff.
- Ensure your receiver remains idempotent and continues to verify signatures on every retry.
- Fix the issue, resend a test, and confirm healthy 2xx responses.
Troubleshooting common issues
| Symptom | Likely cause | What to check | Fix |
|---|---|---|---|
| 401 or 403 from your service | Signature or seller check failed | Header names, timestamp window, secret lookup, seller mapping | Rotate or correct the secret, adjust allowed skew, update seller mapping |
| 500 with timeouts | Heavy synchronous processing | Downstream calls during request, large payload processing | Acknowledge quickly, move work to an async queue |
| Duplicate processing | Missing idempotency | Use of a delivery identifier during writes | Add a uniqueness constraint or conflict-safe upsert |
| Signature mismatch only in sandbox | Path or body normalization | Sign using exact path and raw body bytes | Normalize consistently in both environments |
See Troubleshooting and delivery health for deeper diagnostics and recovery steps.
Sample log to verify
POST /webhooks/walmart/performance 200
WM_SEC.TIMESTAMP=1725843530
WM_SEC.SIGNATURE=AbC...=
eventType=SELLER_PERFORMANCE_ALARMS
eventId=03d34580-61d4-11ea-9e23-cd38810ff7cd
verify=ok write=ok dedupe=ok elapsedMs=124
Clean up
If you created throwaway subscriptions for this test, remove them with Delete subscription.
# See the reference page above for the exact URL and path parameter
curl -X DELETE "<DELETE_SUBSCRIPTION_ENDPOINT>/<subscriptionId>" -H "WM_SEC.ACCESS_TOKEN: <sandbox_token>"
Next steps
- Keep Security and authenticity handy while you finalize verification code
- Use Troubleshooting and delivery health to monitor production behavior
- Return to the Event catalog for payload details and examples
Reference guide
This guide shows how to send sample deliveries to your callback URL and validate acknowledgment behavior.
Test notification: Triggers a sample delivery to your callback URL to validate your integration.
See also
Updated about 12 hours ago