{"overview":"Aura emite webhooks HTTP POST a tu endpoint cuando ocurren eventos en tu org. Soporta retry exponencial 6 intentos.","setup":{"endpoint":"POST https://aura.cownnection.com/api/v1/webhooks","body":{"url":"https://tu-dominio.com/aura-webhook","events":["order.created","order.paid"]},"response":{"id":"webhook_xxx","secret":"whsec_xxx_GUARDA_ESTO","url":"...","events":["order.created","order.paid"]}},"eventCatalog":"https://aura.cownnection.com/api/v1/webhooks/events","signature":{"algorithm":"HMAC-SHA256","header":"x-aura-signature-256","format":"hex","verify":{"js":"import crypto from 'crypto';\nconst sig = crypto.createHmac('sha256', WEBHOOK_SECRET).update(rawBody).digest('hex');\nif (sig !== req.headers['x-aura-signature-256']) return res.status(401).end();","python":"import hmac, hashlib\nsig = hmac.new(secret.encode(), raw_body, hashlib.sha256).hexdigest()\nif sig != request.headers['x-aura-signature-256']: abort(401)"}},"retry":{"attempts":6,"backoff":["immediate","5s","30s","5min","30min","2h"],"successCode":"2xx","failurePolicy":"tras 6 intentos fallidos el delivery se marca failed y NO se reintenta más; el endpoint puede deshabilitarse después de 100 fallos consecutivos"},"bestPractices":["Responde 200 en menos de 5 segundos (procesa async después).","Verifica la firma SIEMPRE antes de confiar en el payload.","Idempotencia: tu handler debe tolerar el mismo evento dos veces (Aura puede reintentar).","NO uses HTTP, sólo HTTPS para evitar leakage de signatures.","Logguea event.id para tracking; está en el header x-aura-event-id."]}