Settings · webhooks

Webhooks

Receive HTTP POSTs when events happen on your agents. Each payload is signed with HMAC-SHA256 via the X-FyrAgents-Signature header so you can verify authenticity.

No webhooks yet

Drop a Slack-incoming-webhook or your own HTTPS endpoint and we'll POST every conversation event there, signed with HMAC-SHA256.

Verifying the signature (server-side)

// Node.js
const crypto = require("crypto");
const sig = req.headers["x-fyragents-signature"]; // "t=...,v1=..."
const v1 = sig.split(",").find(p => p.startsWith("v1=")).slice(3);
const expected = crypto.createHmac("sha256", WEBHOOK_SECRET)
  .update(req.rawBody)
  .digest("hex");
if (crypto.timingSafeEqual(Buffer.from(v1, "hex"), Buffer.from(expected, "hex"))) {
  // process event
}