Handles an inbound webhook call from an external provider
External-system entry point — the URL `{webhookProvider}/{webhookId}` is what you paste into the provider's webhook config. The webhook ID itself acts as the bearer credential; treat it as a secret. The handler dispatches the raw request to every matching subscription and either returns the provider's required synchronous acknowledgement (200 with a body) or 204 if none is needed. Use `POST WebhookInboundSigned` instead for providers that authenticate by HMAC signature.
Authorization
Bearer JWT Authorization header using the Bearer scheme. Enter 'Bearer' [space] and then your token.
In: header
Path Parameters
The webhook provider name (e.g. github, stripe).
The webhook ID embedded in the route for routing.
The tenant identifier
The API key authentication identifier
Response Body
curl -X POST "https://api.fruxon.com/v1/tenants/string/webhooks/string/string/string"{
"type": "string",
"title": "string",
"status": 0,
"detail": "string",
"instance": "string",
"property1": null,
"property2": null
}Create a subscription linking a subscriber (asset, connector, agent) to a webhook.
Wires a subscriber to events arriving on this webhook — once created, every inbound delivery for the webhook is fanned out to the subscriber (e.g. firing an agent trigger). Multiple subscribers can share a webhook; the request body says which subscriber kind and which event filter to apply. Detach via `DELETE WebhookSubscriptionItem`.
Handles an inbound webhook call authenticated via HMAC signature verification
Variant of `POST WebhookInbound` for providers that sign payloads (Stripe, GitHub, Slack, etc.) — the route does not act as a credential, and instead the provider-specific signature header is verified against the secret stored on the webhook. A failed verification returns 401; a successful one dispatches to subscribers identically to the API-key flow, returning the provider's expected ack body or 204. Anonymous endpoint, since the signature is the authentication.