To receive data updates, configure a webhook endpoint via the admin console. After each data update from the provider, a webhook event will be sent to your endpoint.
Your endpoint must respond with HTTP 200 to acknowledge successful receipt. If the request fails due to a network error, exceeds 30 seconds to complete or returns any status code other than 200, the system will retry the request up to 5 times with exponential backoff. After the final attempt, the event will be discarded.
Each webhook event is signed using an HMAC-SHA256 signature for verification. The signature is included in the X-Body-Signature header.The signature is computed by signing the raw request body as-is using a shared secret key. You can retrieve this key from the admin console.To verify authenticity:
Compute the HMAC-SHA256 hash of the request body using the shared key.
Compare the result to the value in the X-Body-Signature header.