Appearance
Order Status Callback
When an order status changes to "Pending Delivery" (sellerOrderStatus = 1), meaning the order has been paid and passed risk review, the platform pushes a notification to the seller's configured callback URL.
Basic Information
| Property | Value |
|---|---|
| Method | POST (platform pushes to seller) |
| Path | {seller_callback_url} |
Verification | HMAC-SHA256 Signature |
| Content-Type | application/json |
Request Headers
The platform passes signature-related fields via HTTP headers:
| Header | Type | Required | Description |
|---|---|---|---|
| Content-Type | string | Yes | Always application/json |
| X-Request-Id | string | Yes | Unique identifier for this callback request, used for idempotency |
| X-Timestamp | string | Yes | Unix millisecond timestamp (e.g., 1734850099000) |
| X-Signature | string | Yes | HMAC-SHA256 signature value |
Request Body
json
{
"createdAt": "2025-12-17T13:44:16",
"orderId": 1689644928115784,
"orderNum": "SO1689644928115784",
"sellerOrderStatus": 1,
"buyerId": "1907369850568257537"
}Field Descriptions
| Field | Type | Description |
|---|---|---|
createdAt | string | Order creation time (ISO 8601 format) |
orderId | number | Unique order ID |
orderNum | string | Order number |
sellerOrderStatus | number | Seller-side order status (see Status Codes) |
buyerId | string | Buyer user ID |
Processing Flow
After receiving a callback, follow these steps:
1. Verify Signature
Extract X-Timestamp, X-Request-Id, and X-Signature from the request headers. Verify the request authenticity using the Signature Verification algorithm.
2. Idempotency Check
Check whether the X-Request-Id has already been processed. If it is a duplicate request, return HTTP 200 immediately.
3. Query Order Details
Use the orderId from the callback to call the Order Query API to retrieve full order details (product information, quantity, buyer delivery requirements, etc.).
4. Execute Business Logic
Prepare the delivery based on the order details. Once ready, call the Deliver Order API to submit the delivery information.
5. Return Success
Return HTTP 200 status code.
Response Requirements
| HTTP Status Code | Result |
|---|---|
| 200 | Success — no further retries |
| Non-200 | Failure — the platform will retry (see Retry Mechanism) |
WARNING
The platform does not read or parse the response body. Success is determined solely by the HTTP status code. If signature verification fails, return 401 or 403.