For AI agents: a documentation index is available at the root level at /llms.txt and /llms-full.txt. Append /llms.txt to any URL for a page-level index, or .md for the markdown version of any page.
Log inTalk to sales
GuidesAPI Reference
  • Overview
    • Introduction
    • Entities
  • Webhooks
    • Introduction
    • Subscribe
    • Signatures
  • Use cases
    • Crypto payments
    • Remittance payments
    • Account to Account (A2A) payments
    • CARD Payments
    • SWIFT Payments
    • IBAN/SEPA Payments
    • Digital Wallet
  • Guides
    • File Uploads
LogoLogo
Log inTalk to sales
On this page
  • Step 1: Identify the events to subscribe
  • Step 2: Create a webhook endpoint
  • Step 3: Handle requests from Flagright
  • Check event objects
  • Return a 2xx response
  • Built-in retries
  • Step 4: Secure your webhooks (recommended)
  • Sandbox
  • Production
Webhooks

Subscribe

Was this page helpful?
Previous

Signatures

Next
Built with

Here are the steps to subscribe to a webhook endpoint.

Step 1: Identify the events to subscribe

Browse the list of events and identify the events you want to subscribe to. You can subscribe to multiple events in a single webhook endpoint.

Step 2: Create a webhook endpoint

Set up an HTTP endpoint that can accept unauthenticated webhook requests with a POST method.

Step 3: Handle requests from Flagright

Your endpoint must be configured to read event objects for the type of events you want to receive. Flagright sends events to your webhook endpoint as part of a POST request with a JSON payload.

Check event objects

Each event is structured as an event object with a type, id, data, and createdTimestamp. Your endpoint must check the event type and parse the payload of each event.

1{
2  "id": "2fa554d3-1ffa-4361-9af6-5479c2d4847f",
3  "type": "USER_STATE_UPDATED",
4  "createdTimestamp": 1661522222301,
5  "data": {...}
6}

Return a 2xx response

Your endpoint must quickly return a successful status code (2xx) prior to any complex logic that could cause a timeout (10 seconds).

Built-in retries

Flagright webhooks have built-in retry methods for 3xx, 4xx, or 5xx response status codes. We will retry for up to 3 days until we either receive a 2XX or we mark it as failed. If Flagright doesn’t quickly receive a 2xx response status code for an event, we mark the event as failed and stop trying to send it to your endpoint.

Step 4: Secure your webhooks (recommended)

Use webhook signatures to verify that Flagright generated a webhook request and that it didn’t come from a server acting like Flagright.

Example in Python Flask
1@app.route('/flagright_webhooks', methods=['POST'])
2def webhook():
3    event = request.json
4    if event.type == 'USER_STATE_UPDATED':
5        latest_user_state = event.data
6        # Then define and call a method to handle latest_user_state.
7    else:
8        print(f'Unhandled event type ${event.type}')
9
10    # Return a response to acknowledge receipt of the event
11    return 'OK'

For an additional layer of security, lock down your webhook endpoints to only accept the requests coming from the IP addresses listed below:

Sandbox

REGIONIP ADDRESSES
EU3.124.91.35
EU3.66.58.17
EU3.70.73.47
Asia13.251.166.15
Asia18.143.88.142
Asia46.137.237.47

Production

REGIONIP ADDRESSES
US (Oregon)35.155.123.185
US (Oregon)44.237.56.178
US (Oregon)52.11.98.137
EU (Frankfurt)3.67.28.78
EU (Frankfurt)3.76.95.10
EU (Frankfurt)35.156.181.187
EU (London)18.132.155.115
EU (London)18.134.212.219
EU (London)35.177.249.136
Asia (Singapore)18.139.42.183
Asia (Singapore)3.1.188.28
Asia (Singapore)3.1.234.194
Asia (Hong Kong)18.166.126.7
Asia (Hong Kong)43.198.196.218
Asia (Hong Kong)43.199.165.157
Australia (Sydney)18.139.42.183
Australia (Sydney)3.104.94.7
Australia (Sydney)54.79.45.195
Middle East (UAE)3.28.175.208
Middle East (UAE)3.28.224.220
Middle East (UAE)51.112.26.119