As an FNZ client you may also be provisioned access to webhook events from your FNZ platform.

These webhooks differ from the appstore webhooks in their scope of access and the manner in which they are managed.

Prerequisites

Security

FNZ OpenPlatform Webhooks support the following modes of security:

HMAC Signature

When security hmac is selected, supply a shared Client secret.

Requests with a HMAC signature will include the following headers:

Header	Description
x-ms-date	Timestamp of the request
x-ms-content-sha256	Hash of the payload generated using the SHA256 hashing algorithm
Authorization	Encoded field containing the same values as the previous headers in the format: HMAC-SHA256 SignedHeaders=x-ms-date;host;x-ms-content-sha256&Signature={signature}

For more information on handling these headers and verifying the signature, see: https://learn.microsoft.com/en-us/azure/communication-services/tutorials/hmac-header-tutorial?pivots=programming-language-csharp

OAuth 2.0

When security oauth is selected, supply Client ID, Client secret and Token endpoint.

Requests with HMAC signature will include the following headers:

Header	Description
Authorization	OAuth 2.0 bearer token retrieved from the supplied token endpoint

Webhook Setup

Configuring Webhooks

FNZ OpenPlatform Webhooks are managed via Application → {Your Platform Service Pack} → Webhooks.

This supports the following functionality:

Add or remove webhooks
Enable or disable a webhook
Set or modify the event subscriptions for a webhook

Summary view of existing endpoints with schema explorer

Edit the configuration of existing webhooks

Webhook retries

FNZ OpenPlatform Webhooks support configurable retry schedules, including exponential back-off, thus event ordering is not guaranteed.

Currently, these settings must be manually configured by FNZ. Please contact FNZ through your existing support channels if you wish to modify this configuration.