FNZ OpenPlatform Webhooks

As an FNZ client you may also be provisioned access to webhook events from your FNZ platform.

These webhooks differ from the appstore webhooks in their scope of access and the manner in which they are managed.

Prerequisites

Security

FNZ OpenPlatform Webhooks support the following modes of security:

HMAC Signature

When security hmac is selected, supply a shared Client secret.

Requests with a HMAC signature will include the following headers:

HeaderDescription
x-ms-dateTimestamp of the request
x-ms-content-sha256Hash of the payload generated using the SHA256 hashing algorithm
AuthorizationEncoded field containing the same values as the previous headers in the format:

HMAC-SHA256 SignedHeaders=x-ms-date;host;x-ms-content-sha256&Signature={signature}

For more information on handling these headers and verifying the signature, see: https://learn.microsoft.com/en-us/azure/communication-services/tutorials/hmac-header-tutorial?pivots=programming-language-csharp

OAuth 2.0

When security oauth is selected, supply Client ID, Client secret, Token endpoint, Expires Property and Token Property.

📘

Note

Expires Property refers to the expiry date of the token.

Token Property refers to the token type

Requests with HMAC signature will include the following headers:

HeaderDescription
AuthorizationOAuth 2.0 bearer token retrieved from the supplied token endpoint

Webhook Setup

Configuring Webhooks

FNZ OpenPlatform Webhooks are managed via Application → {Your Platform Service Pack} → Webhooks.

This supports the following functionality:

  • Add or remove webhooks
  • Enable or disable a webhook
  • Set or modify the event subscriptions for a webhook
OpenPlatform service pack webhooks

OpenPlatform service pack webhooks


Webhook configuration options

Webhook configuration options

General

Description Free text field for a helpful name or description for the webhook for your own use.

URL The endpoint that your application hosts and that webhook events should be sent to.

Add Event Type Specify a list of event types that the webhook should receive.

Request Headers

Optionally append HTTP request headers to each request sent to the webhook.

Security

Apply HMAC payload signing or OAuth 2.0 authentication security.

Encryption

Encrypt payloads with a shared secret.

Retry Strategy

Enable and specify the strategy for retries for failed requests.

Once created you can view a summary of the webhook and the schema for subscribed events:

Summary view of existing endpoints with schema explorer

Summary view of existing endpoints with schema explorer


Webhook retries

FNZ OpenPlatform Webhooks support configurable retry schedules, including exponential back-off, thus event ordering is not guaranteed.

Currently, these settings must be manually configured by FNZ. Please contact FNZ through your existing support channels if you wish to modify this configuration.