Webhooks
Fundipedia provides webhooks to alert you of events
happening in the system. These are POST
requests
to your server that are sent when an event occurs. The body of the request
contains details of the event in the following format:
{
"id": 9999,
"type": "Fund",
"created_at": "2018-11-07T13:19:26.2911192Z",
"trigger": "record-created",
"link": "/fund/9999"
}
Webhook endpoints can be registered on the dev portal or using the API. To help you diagnose or to understand webhook issues, a log of your webhook messages is also available under each webhook.
Upon receiving a webhook notification, you should acknowledge success by responding with an HTTP 200 response.
Webhook security
token
field when registering a
webhook via the API as well as in the dev portal.Events posted to your webhook endpoint(s) will be signed
using this token. Verifying this signature on your server prevents attackers
from imitating valid webhooks. The HMAC digest signature, generated using
SHA-1, will be stored in a X-Signature
header sent along
with the webhook request.
When you receive an event, you should compute a hash based
on the complete event payload using the secret token and ensure that the X-Signature
sent
by Fundipedia matches that hash.