Webhooks
Fecusio webhooks allow you to build your own integrations that subscribe to changes in Fecusio. For example, if a feature flag is updated, or an override is created, Fecusio sends an HTTP POST payload to the webhook’s configured URL.
Creating Webhook
Section titled “Creating Webhook”Currently it is not possible to create a webhook from the interface. If you want a webhook enabled, please contact us at support@fecusio.com.
Signing Webhook
Section titled “Signing Webhook”You can define an optional secret when setting up a webhook. If defined, the webhook POST request
will include an X-Fecusio-Signature header, whose value contains an HMAC SHA256 hex digest of the webhook payload
and the timestamp when the webhook was sent.
X-Fecusio-Signature: t=1756310670,sha256=2c3f86b275536c00a4e2f6d628aa7b0cb6251b15745e317b54bb79e216552051Compute the signature of the payload using the same shared secret in your code to verify that the webhook was sent by Fecusio. To prevent replay attacks, receivers should reject webhooks whose timestamp is older than a short window (e.g. 5 minutes).
hash_hmac("sha256", "{timestamp}.{body}", "{secret}")Payload Format
Section titled “Payload Format”The webhook payload format is identical to the audit logs format. Read Audit Logs API for more information.
Retries
Section titled “Retries”Fecusio will retry failed delivery attempts, such as when a non-2xx response is received for a webhook POST, or when a connection couldn’t be established temporarily. Failed attempts will be retried up to 5 times over 24 hours.
The order of webhook deliveries is not guaranteed, nor is it guaranteed that you will receive each webhook exactly once. Your integration should be tolerant of such cases and designed to be idempotent.