FNZ OpenPlatform Webhooks

As an FNZ client you may also be provisioned access to webhook events from your FNZ platform.

These webhooks differ from the appstore webhooks in their scope of access and the manner in which they are managed.



FNZ OpenPlatform Webhooks support the following modes of security:

HMAC Signature

When security hmac is selected, supply a shared Client secret.

Requests with a HMAC signature will include the following headers:

x-ms-dateTimestamp of the request
x-ms-content-sha256Hash of the payload generated using the SHA256 hashing algorithm
AuthorizationEncoded field containing the same values as the previous headers in the format:

HMAC-SHA256 SignedHeaders=x-ms-date;host;x-ms-content-sha256&Signature={signature}

For more information on handling these headers and verifying the signature, see: https://learn.microsoft.com/en-us/azure/communication-services/tutorials/hmac-header-tutorial?pivots=programming-language-csharp

OAuth 2.0

When security oauth is selected, supply Client ID, Client secret and Token endpoint.

Requests with HMAC signature will include the following headers:

AuthorizationOAuth 2.0 bearer token retrieved from the supplied token endpoint

Webhook Setup

Configuring Webhooks

FNZ OpenPlatform Webhooks are managed via Application → {Your Platform Service Pack} → Webhooks.

This supports the following functionality:

  • Add or remove webhooks
  • Enable or disable a webhook
  • Set or modify the event subscriptions for a webhook
OpenPlatform service pack webhooks

OpenPlatform service pack webhooks

Webhook configuration options

Webhook configuration options


Description Free text field for a helpful name or description for the webhook for your own use.

URL The endpoint that your application hosts and that webhook events should be sent to.

Add Event Type Specify a list of event types that the webhook should receive.

Request Headers

Optionally append HTTP request headers to each request sent to the webhook.


Apply HMAC payload signing or OAuth 2.0 authentication security.


Encrypt payloads with a shared secret.

Retry Strategy

Enable and specify the strategy for retries for failed requests.

Once created you can view a summary of the webhook and the schema for subscribed events:

Summary view of existing endpoints with schema explorer

Summary view of existing endpoints with schema explorer

Webhook retries

FNZ OpenPlatform Webhooks support configurable retry schedules, including exponential back-off, thus event ordering is not guaranteed.

Currently, these settings must be manually configured by FNZ. Please contact FNZ through your existing support channels if you wish to modify this configuration.