Set up webhook
Learn how to set up a webhook to receive event data from Fungies.
Get started
To start receiving webhook events in your app, create and register a webhook endpoint by following the steps below:
- Create a webhook endpoint handler to receive event data POST requests.
- Register your endpoint within Fungies Dashboard.
- Secure your webhook endpoint.
You can register and create one endpoint to handle several different event types at once, or set up individual endpoints for specific events.
1. Create a webhook endpoint handler
Set up an HTTP or HTTPS endpoint function that can accept webhook requests with a POST method. If you’re still developing your endpoint function on your local machine, it can use HTTP. After it’s publicly accessible, your webhook endpoint function must use HTTPS.
Set up your endpoint function so that it:
- Handles POST requests with a JSON payload consisting of an event object.
- Quickly returns a successful status code (2xx) prior to any complex logic that could cause a timeout.
2. Register your endpoint within Fungies Dashboard
To register your endpoint, go to the Fungies Dashboard and navigate to the Developers -> Webhooks
section.
Click the Create a webhook
button and fill in the form with the following information:
- URL: The URL of your endpoint. If you are using ngrok, use the
https://...
url you copied in the previous step. - Secret: A secret key that will be used to sign the webhook events. You can use any string here, but it should be kept secret and used to verify the signature of the events.
- Choose the events you want to receive. You can select one or more events to receive at this endpoint.
Click the Save
button to register your endpoint.
From now on, your endpoint will receive events from Fungies and you can start processing them.
3. Secure the webhook endpoint
We highly recommend you secure your endpoint by ensuring your handler verifies that all webhook request are generated by Fungies. This can be done by verifying the signature of the event using the secret key you provided when registering the endpoint.
The x-fngs-signature
header included in each signed event contains the signature and is prefixed by sha256_
.
Fungies generates signatures using a hash-based message authentication code HMAC with SHA-256.
In order to verify the signature, you should use the secret key you provided when registering the endpoint and the raw body of the request.