Channels

REST Webhook API

Use the REST API to submit warranty claims from any website, backend, or CMS. Claims are evaluated by Gemini Vision AI and the result is returned asynchronously via a callback webhook.

Authentication

All API requests must include your API key as a Bearer token:

Authorization: Bearer wsc_live_xxxxxxxxxxxxxxxxxxxx

Generate API keys in Settings → API Keys.

Submit a claim

POST https://api.wscrut.silnt.in/webhooks/http/<TENANT_ID>
Content-Type: multipart/form-data
Authorization: Bearer <API_KEY>

Fields:
  customer_id    string   required  Unique customer identifier
  claim_text     string   required  Customer's description of the defect
  evidence_image file     required  JPG/PNG photo of the damaged product
  sku            string   optional  Product SKU (e.g. "SHOE-11A")
  callback_url   string   optional  URL to receive the decision webhook

Example — cURL

curl -X POST https://api.wscrut.silnt.in/webhooks/http/<TENANT_ID> \
  -H "Authorization: Bearer wsc_live_xxx" \
  -F "customer_id=cust_456" \
  -F "claim_text=The sole split after first use" \
  -F "sku=SHOE-11A" \
  -F "evidence_image=@/path/to/photo.jpg" \
  -F "callback_url=https://yourdomain.com/wscrut-callback"

Synchronous response

{
  "ticket_id": "TKT-1042",
  "status": "processing",
  "message": "Claim received. Decision will be sent to callback_url within 30s."
}

Decision callback (webhook)

W-Scrut will POST the AI decision to your callback_url:

POST https://yourdomain.com/wscrut-callback
Content-Type: application/json
X-WScrut-Signature: sha256=<hmac>   ← verify this!

{
  "ticket_id": "TKT-1042",
  "customer_id": "cust_456",
  "sku": "SHOE-11A",
  "decision": "APPROVED",           // APPROVED | REJECTED | FLAGGED_FOR_HUMAN
  "confidence": 0.93,
  "reasoning": "Split sole visible in image, covered under 90-day policy.",
  "timestamp": "2026-06-11T10:30:00Z"
}

Verify the signature

Always verify the X-WScrut-Signature header to prevent spoofed callbacks:

// Node.js example
const crypto = require('crypto');

function verifySignature(payload, signature, secret) {
  const expected = 'sha256=' + crypto
    .createHmac('sha256', secret)
    .update(payload)
    .digest('hex');
  return crypto.timingSafeEqual(
    Buffer.from(signature),
    Buffer.from(expected)
  );
}

// In your webhook handler:
app.post('/wscrut-callback', (req, res) => {
  const sig = req.headers['x-wscrut-signature'];
  if (!verifySignature(req.rawBody, sig, process.env.WSCRUT_WEBHOOK_SECRET)) {
    return res.sendStatus(401);
  }
  const { decision, ticket_id, customer_id } = req.body;
  // Update your database, notify customer, etc.
  res.sendStatus(200);
});

Shopify Plugin →Full API Reference