Webhook endpoints can be created in your account's Settings section. They allow you to be notified of changes on your Flexport data and milestone events for your shipments.
In order to verify that only requests coming from Flexport are allowed into your system, we require you to set a secret token for each of your endpoints. Flexport sends an X-Hub-Signature header with the value set as demonstrated on the right with each message. By verifying this header matches your expectations, we can ensure that only people with the secret token can send data to your endpoint.
The payload for a webhook is an
Flexport uses your secret token and the payload to create a hash signature with each payload. This hash
signature is passed along with each request in the headers as
X-Hub-Signature. To validate the payload:
Flexport expects to receive an HTTP
200 response code from your endpoint. We will continue trying to deliver
the message a number of times if we don’t receive one. To prevent time outs, it is wise to configure your
endpoints to send a
200 and then do any long running processing on the data.