To integrate Replit with Podia, store your Podia API token in Replit Secrets and use it to call the Podia API for course and membership data. For real-time sales events, configure a Podia webhook to POST to your Replit server endpoint, letting you trigger fulfillment, email, or CRM actions instantly when a customer purchases a digital product.
Automate Digital Product Sales with Podia and Replit
Podia bundles course hosting, membership subscriptions, and digital downloads into a single platform, making it popular with solo creators and small content businesses. Its API and webhook system allow developers to extend Podia's built-in features β automating post-purchase workflows, syncing customer data to external CRMs, triggering personalized email sequences, or building custom analytics dashboards for sales performance.
Replit provides the persistent server infrastructure needed to receive Podia webhooks reliably. Unlike static sites or client-side JavaScript, a Replit Autoscale deployment gives you a publicly accessible HTTPS endpoint that stays online to receive webhook events whenever a sale occurs, a membership renews, or a customer cancels. Your server processes the event and triggers whatever downstream action your business needs.
This tutorial walks through both sides of the Podia integration: pulling data via the REST API (for dashboards, reports, and syncs) and receiving push events via webhooks (for real-time automation). Both Node.js and Python implementations are included, and the tutorial ends with a complete production deployment on Replit Autoscale.
Integration method
Podia provides a REST API for reading product and customer data, authenticated with a bearer token. For real-time events like purchases and enrollments, Podia sends webhook POST requests to a URL you configure. Your Replit server receives these webhooks and triggers downstream actions like sending emails, updating a CRM, or fulfilling digital delivery.
Prerequisites
- A Podia account (any paid plan) with API access β check Settings > Integrations for your API token
- Your Podia API token (bearer token) from the Integrations settings page
- A Replit account β Replit Core recommended for Autoscale deployments
- Basic knowledge of Node.js (Express) or Python (Flask) and webhook patterns
- Understanding of what Podia products you want to automate (courses, memberships, or downloads)
Step-by-step guide
Find Your Podia API Token
Find Your Podia API Token
Podia provides a personal API token that you use as a bearer token on all API requests. To find it, log in to your Podia account and go to Settings (gear icon in the top navigation). Click on the Integrations tab. Scroll down to the API section β you will see your API token displayed there. If it has never been generated, click Generate API Token to create one. Copy the token value immediately and store it somewhere secure (like a password manager). Podia may not show the full token again after you navigate away β if you lose it, you can regenerate a new one, but this will invalidate any previously configured integrations using the old token. Note that the Podia API is still relatively limited compared to platforms like Stripe or HubSpot. It provides read access to products, customers, and orders, but not all operations are writable via API. The more powerful real-time integration path is through Podia's webhook system, which covers purchase events, refunds, and membership lifecycle events. The next step covers webhook configuration.
Pro tip: Podia's API documentation is available at developers.podia.com. Review the available endpoints before building your integration to confirm the data fields you need are accessible via API.
Expected result: You have your Podia API token copied and ready to add to Replit Secrets.
Store the API Token in Replit Secrets
Store the API Token in Replit Secrets
Open your Replit project. Click the lock icon (π) in the left sidebar to open the Secrets panel. Click + New Secret and create a secret named PODIA_API_TOKEN with your API token value. Also create PODIA_WEBHOOK_SECRET which you will use to verify incoming webhook signatures (you can set this to any random string now and use it when configuring the webhook in Podia in a later step). In Python, access the token with os.environ['PODIA_API_TOKEN']. In Node.js, use process.env.PODIA_API_TOKEN. After adding secrets, if your Repl is already running, stop and restart it to ensure the new environment variables are loaded. A quick way to test the token is to make a simple API call to the Podia products endpoint. A successful 200 response with your product list confirms the token is valid. A 401 Unauthorized response means the token is incorrect or has been regenerated in Podia.
1import os2import requests34API_TOKEN = os.environ['PODIA_API_TOKEN']56headers = {7 'Authorization': f'Bearer {API_TOKEN}',8 'Accept': 'application/json'9}1011# Test: fetch your Podia products12response = requests.get('https://api.podia.com/products', headers=headers)1314if response.status_code == 200:15 products = response.json()16 print(f'API token valid. Found {len(products.get("data", []))} products.')17 for p in products.get('data', []):18 print(f' - {p["name"]} ({p["type"]})')19else:20 print(f'API error: {response.status_code} β {response.text}')Expected result: The test script prints 'API token valid' and lists your Podia products by name and type, confirming the API connection works.
Build a Webhook Receiver for Purchase Events
Build a Webhook Receiver for Purchase Events
Podia can POST webhook events to your Replit server when purchases, refunds, or membership events occur. This is the most powerful integration path because it gives you real-time data without polling. The server below handles incoming Podia webhook events. Podia sends a POST request with a JSON body containing the event type and associated data. Your server should respond quickly with a 200 status (within 10 seconds) and process the event asynchronously if needed. Podia webhook payloads include an event field (like purchase.completed or subscription.cancelled) and a data object with customer and product details. The example handles the most common events: purchase.completed (fires for one-time products), subscription.started (new membership), and subscription.cancelled (membership cancellation). For security, configure a webhook secret in Podia and verify the HMAC signature on incoming requests. The verification code below ensures only genuine Podia requests are processed.
1// Node.js Express webhook receiver for Podia2const express = require('express');3const crypto = require('crypto');4const app = express();56const WEBHOOK_SECRET = process.env.PODIA_WEBHOOK_SECRET;78// Parse raw body for signature verification9app.use('/webhook', express.raw({ type: 'application/json' }));10app.use(express.json());1112function verifyWebhookSignature(rawBody, signatureHeader) {13 if (!WEBHOOK_SECRET || !signatureHeader) return true; // skip if no secret configured14 const expected = crypto15 .createHmac('sha256', WEBHOOK_SECRET)16 .update(rawBody)17 .digest('hex');18 return crypto.timingSafeEqual(19 Buffer.from(expected, 'hex'),20 Buffer.from(signatureHeader.replace('sha256=', ''), 'hex')21 );22}2324app.post('/webhook', (req, res) => {25 const signature = req.headers['x-podia-signature'];26 const rawBody = req.body;2728 if (!verifyWebhookSignature(rawBody, signature)) {29 console.log('Invalid webhook signature β rejected');30 return res.status(401).json({ error: 'Invalid signature' });31 }3233 const event = JSON.parse(rawBody.toString());34 console.log(`Received Podia event: ${event.event}`);3536 switch (event.event) {37 case 'purchase.completed':38 handlePurchase(event.data);39 break;40 case 'subscription.started':41 handleNewMembership(event.data);42 break;43 case 'subscription.cancelled':44 handleCancellation(event.data);45 break;46 default:47 console.log(`Unhandled event type: ${event.event}`);48 }4950 res.json({ received: true });51});5253function handlePurchase(data) {54 console.log(`New purchase: ${data.product?.name} by ${data.customer?.email}`);55 // Add to email list, update CRM, send Slack notification, etc.56}5758function handleNewMembership(data) {59 console.log(`New membership: ${data.customer?.email}`);60}6162function handleCancellation(data) {63 console.log(`Cancelled membership: ${data.customer?.email}`);64}6566app.get('/health', (req, res) => res.json({ status: 'ok' }));67app.listen(3000, '0.0.0.0', () => console.log('Podia webhook server running on port 3000'));Pro tip: Podia sends a test webhook event when you first configure the webhook URL. Use this to verify your server receives and processes events correctly before going live with real customer purchases.
Expected result: The server starts on port 3000. The Replit preview shows a URL you can register as your Podia webhook endpoint. The /health endpoint returns {"status": "ok"}.
Configure the Webhook in Podia
Configure the Webhook in Podia
With your Replit server running, you need to register your webhook endpoint in Podia. Log in to your Podia account and go to Settings > Integrations. Scroll to the Webhooks section and click Add Webhook. In the Endpoint URL field, enter your Replit server URL followed by /webhook β for example, https://your-repl-name.your-username.repl.co/webhook. If you are testing in development mode (not deployed), use the URL from the Replit webview preview. For production, use your Autoscale deployment URL. In the Secret field, enter the same random string you stored as PODIA_WEBHOOK_SECRET in Replit Secrets. Podia will use this to sign webhook payloads with HMAC-SHA256 so your server can verify they are genuine. Select the event types you want to receive. For most integrations, subscribe to purchase.completed, subscription.started, subscription.cancelled, and refund.issued. Click Save Webhook, then click Send Test Event to verify your server receives the test payload successfully. If the test event fails to reach your server, confirm your Replit server is running (not stopped), the URL is correctly formatted, and there are no typos in the endpoint path. The Replit webview URL is only available while the editor is open β for a reliable permanent URL, you need to deploy to Autoscale.
Pro tip: The Replit editor preview URL is temporary and only works while you have the Replit editor open. Register a deployed Autoscale URL in Podia's webhook settings for a webhook endpoint that is always online.
Expected result: Podia's test webhook event is received by your Replit server and logged in the console as 'Received Podia event: test' (or similar), confirming the end-to-end webhook delivery works.
Deploy to Replit Autoscale
Deploy to Replit Autoscale
A permanent, always-on webhook endpoint requires deployment. Click the Deploy button in the top-right corner of the Replit editor. Choose Autoscale deployment. Set the run command to node index.js (Node.js) or python app.py (Python). Choose a machine with at least 0.25 vCPU and 256MB RAM β the Podia webhook server is lightweight. After deployment completes (30-60 seconds), Replit gives you a production URL. Update the webhook URL in Podia Settings > Integrations > Webhooks to use this permanent production URL instead of the development preview URL. Replit Secrets are automatically available in deployed Autoscale instances β you do not need to re-enter credentials after deployment. If you update a secret value, trigger a new deployment to apply the change. For production deployments serving real customers, add request logging to record all incoming webhook events with timestamps, so you have an audit trail for troubleshooting missed events or duplicate deliveries. Podia may retry failed webhooks, so your event handler should be idempotent β processing the same event twice should not create duplicate records.
1# Python Flask version of the Podia webhook receiver2import os3import hmac4import hashlib5from flask import Flask, request, jsonify67app = Flask(__name__)8WEBHOOK_SECRET = os.environ.get('PODIA_WEBHOOK_SECRET', '')910def verify_signature(body, signature):11 if not WEBHOOK_SECRET or not signature:12 return True13 expected = hmac.new(WEBHOOK_SECRET.encode(), body, hashlib.sha256).hexdigest()14 return hmac.compare_digest(f'sha256={expected}', signature)1516@app.route('/webhook', methods=['POST'])17def webhook():18 signature = request.headers.get('X-Podia-Signature', '')19 raw_body = request.get_data()2021 if not verify_signature(raw_body, signature):22 return jsonify({'error': 'Invalid signature'}), 4012324 event = request.get_json(force=True)25 event_type = event.get('event')26 data = event.get('data', {})27 print(f'Podia event: {event_type} | Customer: {data.get("customer", {}).get("email")}')2829 # Process event type30 if event_type == 'purchase.completed':31 product_name = data.get('product', {}).get('name')32 print(f'New sale: {product_name}')3334 return jsonify({'received': True})3536@app.route('/health')37def health():38 return jsonify({'status': 'ok'})3940if __name__ == '__main__':41 app.run(host='0.0.0.0', port=3000)Expected result: Your Podia webhook receiver is live on Replit Autoscale. Making a test purchase in Podia (or using Podia's Send Test Event button) triggers the webhook and logs the event in your deployment console.
Common use cases
Post-Purchase Email Automation
When a customer buys any Podia product, a webhook fires to your Replit server. The server checks the product type, adds the customer to the appropriate email sequence in Mailchimp or ConvertKit, and sends a personalized onboarding email with their course access link. This creates a more customized experience than Podia's built-in email automation.
Build a Node.js Express server that receives Podia purchase webhooks, extracts the customer email and product name, then calls the Mailchimp API to add them to the matching audience segment for that product.
Copy this prompt to try it in Replit
Sales Dashboard and Revenue Reporting
Your Replit server polls the Podia API daily to fetch all sales and enrollment data, calculates key metrics (daily revenue, top products, churn rate for memberships), and writes the results to a Google Sheet or database. A simple HTML dashboard served by the same Replit server displays live revenue charts.
Create a Python Flask app that fetches Podia sales data via the API each morning, calculates revenue metrics by product, and stores them in a PostgreSQL database. Serve a simple chart dashboard showing revenue trends.
Copy this prompt to try it in Replit
CRM Sync on New Enrollment
Every time a student enrolls in a course, your Replit webhook receiver creates or updates their contact record in HubSpot or Zoho CRM, tags them with the course name, and sets their lifecycle stage to 'Customer'. This keeps your CRM in sync with Podia without manual data exports or CSV imports.
Write a Flask endpoint that listens for Podia enrollment webhooks, then creates a new contact in HubSpot with the student's details and tags their contact record with the course name and enrollment date.
Copy this prompt to try it in Replit
Troubleshooting
Podia test webhook shows 'Delivery failed' or no response from server
Cause: The Replit server is not running, or the webhook URL points to the editor preview URL which is only available when the Replit editor is open. Preview URLs are not suitable for webhook endpoints.
Solution: Deploy your Replit project to Autoscale and use the permanent deployment URL in Podia's webhook settings. Verify the server is running by visiting the /health endpoint in a browser β it should return {"status": "ok"}. Check that the webhook path is exactly /webhook with no trailing slash.
401 Unauthorized when calling Podia API with your token
Cause: The API token has been regenerated in Podia Settings, invalidating the old token stored in Replit Secrets, or the token is being sent incorrectly without the 'Bearer ' prefix.
Solution: Go to Podia Settings > Integrations and check if your token matches what is stored in PODIA_API_TOKEN in Replit Secrets. Ensure the Authorization header is set as 'Bearer YOUR_TOKEN' with a space after 'Bearer'. Regenerating the token in Podia creates a new value β update the Replit Secret and redeploy.
1headers = {2 'Authorization': f'Bearer {os.environ["PODIA_API_TOKEN"]}', # note the space after Bearer3 'Accept': 'application/json'4}Webhook signature verification fails even for legitimate Podia events
Cause: The raw request body is being parsed as JSON before signature verification runs. HMAC signature verification requires the original raw bytes β once the body is JSON-parsed and re-serialized, the byte representation changes and the signature check fails.
Solution: In Express, use express.raw() middleware on the webhook route before express.json(). In Flask, use request.get_data() to get raw bytes before calling request.get_json(). Never parse the body before computing the HMAC.
1// Express: parse raw body on webhook route only2app.use('/webhook', express.raw({ type: 'application/json' }));3// Then in handler:4const rawBody = req.body; // Buffer5const event = JSON.parse(rawBody.toString());Duplicate webhook events are processed, creating duplicate database entries
Cause: Podia retries webhook delivery if your server does not respond with a 2xx status within the timeout window, or if network issues caused a delivery failure. This can result in the same event being delivered multiple times.
Solution: Implement idempotency by storing processed event IDs in a database or in-memory cache. Before processing an event, check if its ID has been seen before. If it has, return 200 without reprocessing. Podia includes a unique event ID in each webhook payload.
1processed_events = set() # Use a database in production23@app.route('/webhook', methods=['POST'])4def webhook():5 event = request.get_json(force=True)6 event_id = event.get('id')7 if event_id in processed_events:8 return jsonify({'received': True, 'duplicate': True})9 processed_events.add(event_id)10 # process event...Best practices
- Store your Podia API token in Replit Secrets (lock icon π) β never hardcode it in your source files.
- Always use a webhook secret and verify HMAC signatures on incoming webhook requests before processing them.
- Respond to webhook requests with a 200 status immediately, then process the event asynchronously to avoid Podia timeout retries.
- Implement idempotency in webhook handlers β store processed event IDs to prevent duplicate processing if Podia retries delivery.
- Deploy your webhook receiver on Replit Autoscale with a permanent URL β preview URLs are not reliable for production webhooks.
- Log all incoming webhook events with timestamps and event IDs for debugging and audit trail purposes.
- Subscribe only to the Podia webhook event types your integration actually needs β this reduces noise and simplifies event handling logic.
- Test with Podia's 'Send Test Event' button after initial setup and after each redeployment to confirm the webhook endpoint is reachable.
Alternatives
Teachable focuses specifically on online courses with a more mature API, making it a better choice if you only need course-based learning without memberships and downloads bundled together.
WooCommerce is a better fit for physical or digital product stores that need advanced e-commerce features like inventory management, variable products, and shipping integrations.
If you need full control over payment processing and subscription billing without a course-hosting platform, Stripe Connect lets you build custom digital product checkout flows from scratch.
Frequently asked questions
Does Replit work with Podia webhooks?
Yes. A Replit Autoscale deployment gives you a permanent HTTPS endpoint that Podia can deliver webhook events to. When deployed, your Replit server stays online continuously to receive purchase, membership, and refund events in real time. Use the Autoscale deployment URL in Podia's webhook settings.
How do I find my Podia API token?
Log in to Podia, go to Settings (gear icon), then click the Integrations tab. Scroll to the API section and copy your API token. If none exists yet, click 'Generate API Token'. Store the token immediately in Replit Secrets as PODIA_API_TOKEN β you may not be able to view it again after leaving the page.
What events can Podia send via webhook to Replit?
Podia webhooks cover the main commerce lifecycle events: purchase.completed (one-time product sales), subscription.started (new membership), subscription.renewed (recurring charge), subscription.cancelled, and refund.issued. You can subscribe to all events or select specific ones in Podia's webhook settings.
Can Replit receive Podia webhooks on the free tier?
The free Replit tier can receive webhooks while the editor is open, but the preview URL goes offline when you close the editor. For reliable production webhook delivery, you need a deployed Replit instance on Replit Core, which provides Autoscale deployments with a permanent URL that stays online around the clock.
How is Podia different from Teachable for a Replit integration?
Podia bundles courses, memberships, and digital downloads into one platform with unified sales events, while Teachable focuses specifically on courses. Both have API and webhook support, but Podia's single unified checkout means one webhook receiver handles all product types. Teachable's API is more mature and better documented if you only need course management.
Talk to an Expert
Our team has built 600+ apps. Get personalized help with your project.
Book a free consultation