Subscribe — Flagright | Documentation

Here are the steps to subscribe to a webhook endpoint.

Browse the list of events and identify the events you want to subscribe to. You can subscribe to multiple events in a single webhook endpoint.

Step 2: Create a webhook endpoint

Set up an HTTP endpoint that can accept unauthenticated webhook requests with a POST method.

Step 3: Handle requests from Flagright

Your endpoint must be configured to read event objects for the type of events you want to receive. Flagright sends events to your webhook endpoint as part of a POST request with a JSON payload.

Check event objects

Each event is structured as an event object with a type, id, data, and createdTimestamp. Your endpoint must check the event type and parse the payload of each event.

1 {
2   "id": "2fa554d3-1ffa-4361-9af6-5479c2d4847f",
3   "type": "USER_STATE_UPDATED",
4   "createdTimestamp": 1661522222301,
5   "data": {...}
6 }

Return a 2xx response

Your endpoint must quickly return a successful status code (2xx) prior to any complex logic that could cause a timeout (10 seconds).

Built-in retries

Flagright webhooks have built-in retry methods for 3xx, 4xx, or 5xx response status codes. We will retry for up to 3 days until we either receive a 2XX or we mark it as failed. If Flagright doesn’t quickly receive a 2xx response status code for an event, we mark the event as failed and stop trying to send it to your endpoint.

Step 4: Secure your webhooks (recommended)

Use webhook signatures to verify that Flagright generated a webhook request and that it didn’t come from a server acting like Flagright.

Example in Python Flask

1 @app.route('/flagright_webhooks', methods=['POST'])
2 def webhook():
3     event = request.json
4     if event.type == 'USER_STATE_UPDATED':
5         latest_user_state = event.data
6         # Then define and call a method to handle latest_user_state.
7     else:
8         print(f'Unhandled event type ${event.type}')
9 
10     # Return a response to acknowledge receipt of the event
11     return 'OK'

For an additional layer of security, lock down your webhook endpoints to only accept the requests coming from the IP addresses listed below:

Sandbox

REGION	IP ADDRESSES
EU	3.124.91.35
EU	3.66.58.17
EU	3.70.73.47
Asia	13.251.166.15
Asia	18.143.88.142
Asia	46.137.237.47

Production

REGION	IP ADDRESSES
US	35.155.123.185
US	44.237.56.178
US	52.11.98.137
EU	3.67.28.78
EU	3.76.95.10
EU	35.156.181.187
EU	18.132.155.115
EU	18.134.212.219
EU	35.177.249.136
Asia	18.139.42.183
Asia	3.1.188.28
Asia	3.1.234.194
Asia	13.234.102.242
Asia	3.109.243.84
Asia	43.205.70.199
Australia	18.139.42.183
Australia	3.104.94.7
Australia	54.79.45.195
Middle East	3.28.175.208
Middle East	3.28.224.220
Middle East	51.112.26.119

1	{
2	"id": "2fa554d3-1ffa-4361-9af6-5479c2d4847f",
3	"type": "USER_STATE_UPDATED",
4	"createdTimestamp": 1661522222301,
5	"data": {...}
6	}

1	@app.route('/flagright_webhooks', methods=['POST'])
2	def webhook():
3	event = request.json
4	if event.type == 'USER_STATE_UPDATED':
5	latest_user_state = event.data
6	# Then define and call a method to handle latest_user_state.
7	else:
8	print(f'Unhandled event type ${event.type}')
9
10	# Return a response to acknowledge receipt of the event
11	return 'OK'

Step 1: Identify the events to subscribe