Reference

Webhooks

Signed event notifications pushed to a URL you provide. Use these instead of polling for status changes.

You give us a delivery URL and a shared secret. We POST a JSON body and a signature with each event. Deliveries are at-least-once — dedupe on event_id.

Request headers

Content-Type: application/json
X-FI-Gateway-Event-Id: evt_01HX…
X-FI-Gateway-Event-Type: job.status_changed
X-FI-Gateway-Signature: t=1780405672,v1=<hmac_sha256>

Body

occurred_at is the time the underlying change happened (UTC). It can be slightly older than the delivery time, especially on a retry.

{
  "event_id":    "evt_01HX…",
  "event_type":  "job.status_changed",
  "occurred_at": "2026-06-02T10:30:00Z",
  "job": {
    "id": "21172159",
    "status":          "in_progress",
    "previous_status": "scheduled"
  }
}

Verifying a delivery

Compute HMAC_SHA256(secret, "{t}.{raw_body}") and compare against the v1= part of the signature header (constant-time comparison). Reject any delivery where the timestamp t is more than 5 minutes from your server’s clock, or where the signature doesn’t match — that catches both tampering and replay.

Retries

Non-2xx responses (or timeouts) are retried with exponential backoff for a few attempts. Return 2xx as soon as you’ve durably accepted the event — do the rest of the work afterwards.

Event types

job.created — a job was created in your scope. Includes the new job’s ID.
job.status_changed — a job moved between statuses. The body includes both the new and previous status so you can update your local copy without a follow-up read.