Fundipedia provides webhooks to alert you of events happening in the system. These are POST requests to your server that are sent when an event occurs. The body of the request contains details of the event in the following format:

{
    "id": 9999, 
    "type": "Fund", 
    "created_at": "2018-11-07T13:19:26.2911192Z", 
    "trigger": "record-created", 
    "link": "/fund/9999" 
}

Webhook endpoints can be registered on the dev portal or using the API. To help you diagnose or to understand webhook issues, a log of your webhook messages is also available under each webhook.

Upon receiving a webhook notification, you should acknowledge success by responding with an HTTP 200 response.

Webhook security

Events posted to your webhook endpoint(s) will be signed using this token. Verifying this signature on your server prevents attackers from imitating valid webhooks. The HMAC digest signature, generated using SHA-1, will be stored in a X-Signature header sent along with the webhook request.

When you receive an event, you should compute a hash based on the complete event payload using the secret token and ensure that the X-Signature sent by Fundipedia matches that hash.