Handles an inbound webhook call authenticated via HMAC signature verification
Variant of `POST WebhookInbound` for providers that sign payloads (Stripe, GitHub, Slack, etc.) — the route does not act as a credential, and instead the provider-specific signature header is verified against the secret stored on the webhook. A failed verification returns 401; a successful one dispatches to subscribers identically to the API-key flow, returning the provider's expected ack body or 204. Anonymous endpoint, since the signature is the authentication.
Path Parameters
The webhook provider name (e.g. github, stripe).
The webhook ID embedded in the route for routing.
The tenant identifier
Response Body
curl -X POST "https://api.fruxon.com/v1/tenants/string/webhooks/string/string"{
"type": "string",
"title": "string",
"status": 0,
"detail": "string",
"instance": "string",
"property1": null,
"property2": null
}{
"type": "string",
"title": "string",
"status": 0,
"detail": "string",
"instance": "string",
"property1": null,
"property2": null
}Handles an inbound webhook call from an external provider
External-system entry point — the URL `{webhookProvider}/{webhookId}` is what you paste into the provider's webhook config. The webhook ID itself acts as the bearer credential; treat it as a secret. The handler dispatches the raw request to every matching subscription and either returns the provider's required synchronous acknowledgement (200 with a body) or 204 if none is needed. Use `POST WebhookInboundSigned` instead for providers that authenticate by HMAC signature.
Gets authorization settings metadata for all supported auth types.
Returns the configuration parameters and their descriptions for each supported authorization type, used when creating or editing integrations.