Skip to content
AutomationsLab
Back to Blog

Settlement, payouts and reconciliation: reliability patterns for marketplaces and DTC

by Federico 5 min read
  • finance
  • reconciliation
  • automation

When a marketplace or DTC brand starts processing meaningful volume, finance doesn’t break because of one spectacular bug. It breaks by accumulation: a webhook lost here, an FX rate not refreshed there, a payout that doesn’t reconcile against the Shopify statement at month-end. The problem isn’t the individual errors — it’s that, without the right patterns, they stay invisible until someone opens Excel with a cold coffee at their side.

In this article I line up the patterns we use to make settlement and payout flows reliable: how to handle webhooks with an outbox, how to sign and retry them, how to keep multi-market FX rates aligned, and how to reconcile Shopify payouts against accounting. It’s not a list of tools, it’s a set of architectural choices.

Context: what we mean by “settlement”

In a consignment resale marketplace, every sale isn’t “invoice and done”. There’s a provisional period where the cash is locked, then it becomes eligible after a return window closes, then it gets paid out to the seller or brand. More complex DTC flows have something similar: aggregated Shopify payouts, platform fees, taxes, refunds that fall into different windows. The complexity isn’t the state transition itself — it’s keeping it consistent across operational database, real payments, and accounting.

Pattern 1: the transactional outbox for webhooks

The classic first mistake is firing webhooks directly inside the transaction that updates state. If the consumer is slow or down, your transaction times out. If you retry it, you send the event twice. If you roll it back, you’ve updated state but notified nobody.

The outbox pattern separates the two. When a settlement moves from provisional to eligible, inside the same transaction you write two things: the updated row and a row in webhook_outbox with payload, destination and pending status. The transaction commits or rolls back atomically — consistency guaranteed.

A separate drainer — in our case a Supabase Edge Function scheduled via pg_cron every minute — reads the pending rows, signs them with HMAC, sends them, handles retries with exponential backoff, and marks the status. If the destination is down for two hours, events aren’t lost: they pile up in the outbox and resume when it comes back.

Concrete example: for a client in luxury resale, the webhook drainer retries with backoff 1m → 5m → 15m → 1h → 6h → 24h. After 6 failed attempts, the event lands in failed with a Slack alert. Measured over the last 30 days: 99.7% delivery on first try, 100% after retries. Zero events lost.

Pattern 2: HMAC to sign every payload

All outbound webhooks are signed with HMAC-SHA256 using a shared secret. The standard header is X-Signature: sha256=<hex> plus an X-Timestamp to prevent replay attacks. The consumer verifies signature and timestamp (rejecting events older than 5 minutes) before accepting the payload.

It’s one extra line of code that pays off massively. Without HMAC, anyone who discovers the webhook URL can inject fake events. With HMAC, authenticity is verifiable end-to-end without relying on fragile IP allowlists.

Pattern 3: multi-market FX rates with scheduled refresh

If you sell in multiple markets with different currencies, pricing can’t call the FX API in real time on every request: latency, rate limits, cost. The solution is an fx_rates table with timestamps, a scheduled refresh (say, every 6 hours via cron), and every settlement “stamping” the rate used at the moment of the transaction.

This detail seems trivial but is crucial for reconciliation: when you’re six months later and the seller contests a payout, you need to prove you used EUR/USD = 1.0823 at 14:32 on March 12, not today’s rate. Without snapshots, every dispute becomes a treasure hunt.

Pattern 4: backfill and force-create for edge cases

In production there’s always the day when someone has to create a retroactive payout, import 8,000 rows from a legacy CSV, or recover settlements lost during a migration. Having dedicated endpoints — not raw SQL commands — makes the difference.

For backfilling missing payouts we use a Postgres RPC that takes a time range, rebuilds states from historical Shopify orders, and writes in a single transaction with a mandatory dry-run before commit. The force-create payout is instead a UI action restricted to admin roles, which logs every execution to an audit table. Result: zero database touching from the console, full audit trail.

Pattern 5: Shopify ↔ accounting reconciliation

The moment of truth is when the Shopify Payouts statement arrives and you have to compare it row by row against the accounting system. Most teams do it in Excel at month-end. The pattern that works:

  1. A dedicated Edge Function that pulls from Shopify products, customers, orders, inventory, transactions, payouts, balance every 15 minutes.
  2. A payout_reconciliation table with automatic join by payout_id between Shopify and internal settlements.
  3. A dedicated page that surfaces only the deltas: payouts without a match, inconsistent amounts, 100% gift-card orders that need special treatment.

With this setup, month-end reconciliation goes from a full workday to one hour reviewing exceptions. A realistic metric I’ve seen on a mid-volume client (around 800 orders/month): reconciliation drift went from 1.4% to 0.05%, with finance time on the monthly activity down 70%.

When all this makes sense

Not every project needs outbox, HMAC and FX snapshots. If you process 50 orders a month, a Make scenario with a single retry is fine. The rough threshold: when you start seeing payout dispute requests, or when monthly finance reconciliation crosses 4 hours, it’s time to invest in these patterns.

What stays valid in any case: separate state writes from side-effects (outbox), sign every outbound payload (HMAC), keep an FX snapshot at the moment of the transaction, have backfill endpoints tested before you actually need them. They’re the four pillars that keep any settlement flow above the monthly noise floor.

If you’re building a marketplace or DTC that’s getting complicated on the finance side, and you want to figure out which of these patterns make sense for your volume, we can do a sanity check together. Often 2-3 targeted changes are enough to take out 90% of the monthly noise.

Have a similar process to automate?

Tell us about your workflow — we'll tell you honestly if and where automation makes sense.

Let's talk about your process