FNZ OpenPlatform Webhooks
As an FNZ client you may also be provisioned access to webhook events from your FNZ platform.
These webhooks differ from the appstore webhooks in their scope of access and the manner in which they are managed.
Prerequisites
Security
FNZ OpenPlatform Webhooks support the following modes of security:
HMAC Signature
When security hmac
is selected, supply a shared Client secret
.
Requests with a HMAC signature will include the following headers:
Header | Description |
---|---|
x-ms-date | Timestamp of the request |
x-ms-content-sha256 | Hash of the payload generated using the SHA256 hashing algorithm |
Authorization | Encoded field containing the same values as the previous headers in the format: HMAC-SHA256 SignedHeaders=x-ms-date;host;x-ms-content-sha256&Signature={signature} |
For more information on handling these headers and verifying the signature, see: https://learn.microsoft.com/en-us/azure/communication-services/tutorials/hmac-header-tutorial?pivots=programming-language-csharp
OAuth 2.0
When security oauth
is selected, supply Client ID
, Client secret
, Token endpoint
, Expires Property
and Token Property.
Note
Expires Property refers to the expiry date of the token.
Token Property refers to the token type
Requests with HMAC signature will include the following headers:
Header | Description |
---|---|
Authorization | OAuth 2.0 bearer token retrieved from the supplied token endpoint |
Webhook Setup
Configuring Webhooks
FNZ OpenPlatform Webhooks are managed via Application → {Your Platform Service Pack} → Webhooks.
This supports the following functionality:
- Add or remove webhooks
- Enable or disable a webhook
- Set or modify the event subscriptions for a webhook
General
Description Free text field for a helpful name or description for the webhook for your own use.
URL The endpoint that your application hosts and that webhook events should be sent to.
Add Event Type Specify a list of event types that the webhook should receive.
Request Headers
Optionally append HTTP request headers to each request sent to the webhook.
Security
Apply HMAC payload signing or OAuth 2.0 authentication security.
Encryption
Encrypt payloads with a shared secret.
Retry Strategy
Enable and specify the strategy for retries for failed requests.
Once created you can view a summary of the webhook and the schema for subscribed events:
Webhook retries
FNZ OpenPlatform Webhooks support configurable retry schedules, including exponential back-off, thus event ordering is not guaranteed.
Currently, these settings must be manually configured by FNZ. Please contact FNZ through your existing support channels if you wish to modify this configuration.
Updated about 2 months ago