Webhooks

Overview

Webhooks are a way to send notifications to your own system when certain events occur. For example, you might want to send a notification to Slack when a new feature flag is toggled.

All Events

It's not currently possible to only fire webhooks for specific events. All events will trigger all webhooks within your team.

Creating webhooks

When creating a new webhook, you need to supply:

URL: The URL of the webhook endpoint
Secret: A secret that will be used to sign the payload

You may also choose whether the webhook is enabled or disabled.

Verifying webhooks

Webhooks are sent as a POST request with a JSON payload. The request will contain a Signature header which is a HMAC SHA256 hash of the payload using the secret as the key. You can verify the webhook by calculating the HMAC SHA256 hash of the payload using the secret and comparing it to the Signature header.

To do this in PHP, you could do something like this:

php

$secret = 'mysecret';
$payload = file_get_contents('php://input');
$signature = hash_hmac('sha256', $payload, $secret);

if ($signature === $_SERVER['HTTP_SIGNATURE']) {
    // Webhook is verified
}

Webhooks ​

Overview ​

Creating webhooks ​

Verifying webhooks ​

On this page

Webhooks

Overview

Creating webhooks

Verifying webhooks