1. Provide a publicly reachable HTTPS URL in the Gale Dashboard.
  2. Verify each call with the X-Gale-Signature header (HMAC-SHA256).
  3. Respond with 200 OK within 5 s—otherwise Gale will retry up to 3 times with exponential back-off.

Signature Verification

X-Gale-Signature: t=1623945600,v1=7f83b1657ff1fc...
  1. Take the raw request body.
  2. Prepend the timestamp (t= value) with a dot separator.
  3. Hash using your ** webhook signing secret ** (dashboard).
  4. Compare (timing-safe) to the v1= hash.

Detailed code samples are in the Examples page.

Event 1 · checkoutStatusChange

Fired whenever a checkout transitions state.

{
  "event": "checkoutStatusChange",
  "checkout_id": "chk_123",
  "status": "PAID",
  "amount_cents": 6050,
  "currency": "usd",
  "timestamp": "2025-06-05T12:04:12Z"
}

Possible status valuesUNPAID, PAID, REFUNDED, CANCELLED, EXPIRED.

Use the payload to update orders and trigger fulfilment or refunds in real time.

Event 2 · productStatusChange

Sent when SIGIS / LMN / Vision eligibility toggles.

{
  "event": "productStatusChange",
  "product_id": "prod_abc123",
  "eligibility_type": "not_eligible",
  "timestamp": "2025-06-05T13:15:00Z"
}

Values for eligibility_type:
sigis_eligible · lmn_eligible · vision_eligible · not_eligible.

Update your catalog immediately so ineligible items are no longer advertised as HSA/FSA-qualified.

Retry Policy

AttemptDelay after previous try
1 (initial)
230 s
32 min
4 (final)10 min

After four failed attempts the event is marked dead-letter; you can manually re-send from the Dashboard.