search
HomeLogin

Webhooks

Like normal requests to the API endpoints in the Faundit API v2, the Webhook message will be made as a request using HTTP POST and with the details of the message in the JSON body.

circle-exclamation

We updated our API endpoints and updated authentication requirements. This update introduces new functionalities, updated naming, route paths, parameters, and body.

Previous Names: Example 1: Members have been renamed to Locations. Example 2: The identifier faundit_memberID is locationID now.

Removed Requirements:

Example 3: Thefaundit_memberID is no longer required on the headers. Instead, it would be expected in some endpoints as part of the body, under the property name locationID.

If you integrated with our API before this update, everything will continue to function as expected. You can also use your old faundit_memberID as the new locationID.

Please contact us if you encounter any unexpected issues.

hashtag
Security

For security purposes, every webhook is delivered with signature headers for verification. You can get your webhook signing key by contacting tech@faundit.comenvelope.

hashtag
Signature Headers

We send two signature headers:

Header

Hash Input

Status

X-Faundit-Signature-Next

v1:<timestamp>:<body>

✅ Recommended

X-Faundit-Signature

v0:<timestamp>

⚠️ Legacy (deprecated)

circle-info

New integrations should use X-Faundit-Signature-Next as it includes payload integrity verification.

Verifying the Signature (Recommended - Next / V1)

  1. Retrieve the X-Faundit-Timestamp header from the request

  2. Get the raw request body as a string (do not parse it first)

  3. Concatenate: v1:<timestamp>:<body>

  4. Compute HMAC-SHA256 using your webhook signing secret

  5. Compare the result (hex-encoded) with the X-Faundit-Signature-Next header

Example (Node.js):

Legacy Verification (V0) - Deprecated

The legacy X-Faundit-Signature header is computed from v0:<timestamp> only (without the body). This method is deprecated and will be removed in a future update.

hashtag
Supported Events

Event
Description

item-status

Event triggered when an item changes its status or there is a new item.

request-status

Event triggered when an request changes its status or there is a new request.

hashtag
Webhook event payload

hashtag
Item event

This event will contain the ID of the item, locationID that you have to store to identify to what property the data belongs, the current status of the item, and the timestamp of when this event was performed.

An item can have different statuses, they are:

Status
Status Code

Contact Missing

contact-missing

Waiting for Response

waiting-response

Wrong Owner

wrong-owner

Pickup by Guest

pickup-by-guest

Left Behind

left-behind

Finished

finished

Shipment Paid

shipment-paid

Pickup Scheduled

pickup-scheduled

In Route

in-route

Delivered

delivered

Deleted

deleted

Expired

expired

Anonymized

anonymized

An example of the payload of this event can be:

hashtag
Request event

This event will contain the id of the request, locationID that you have to store to identify to what property the data belongs, the current status of the request, and the timestamp of when this event was performed.

A request can have different statuses, they are:

Status
Status Code

Registered

registered

Not Found

not-found

Resolved

resolved

Deleted

deleted

Expired

expired

Anonymized

anonymized

Last updated