Webhook Destinations

You can configure Fabra to send your customer’s data to your own webhook instead of loading data directly into a data warehouse. To do so, Fabra will make a POST request to the webhook URL you enter when setting up the webhook destination with the following payload structure:

    "end_customer_id": "abcd-1234-efgh-5678",
    "object_id": 2,
    "object_name": "events",
    "data": [
            // these fields are configured when creating the object
            "id": 123,
            "event": "Login",
            "user_id": 456,
            "timestamp": "2022-10-23 12:21:01 UTC",
            "tags": ["tag1", "tag2", "tag3"],
            "additional_data": {"browser": "chrome"},

The data field will be limited to a maximum length of 1,000 records per-request by default. For updates exceeding this limit (including the initial sync), Fabra will make multiple calls to your webhook at a default rate limit of 100 requests per second.

Any missing or null fields in the source data will be omitted from the record if you’ve configured the object field to be optional. Otherwise, Fabra will throw and error and fail the sync.

JSON Fields

When configuring an object to receive via a webhook, you can indicate that a field should be json. Your customer will be able to add any number of arbitrary key/value pairs to this object, and they will be collected into a single object when Fabra calls your webhook.

Sync Modes

For webhooks, Fabra supports two different sync modes:

  1. full_overwrite: Fabra will send every record on each sync
  2. incremental_append: Fabra will only send the records that have been added or changed

Validating Webhook Signatures

When sending a request to your webhook endpoint, Fabra will add a X-FABRA-SIGNATURE header. You should use this to validate that the request actually came from Fabra. This signature can be computed using your “Webhook Signing Key” found in the Fabra Admin website under Destinations > Your Webhook.

To verify the webhook request, calculate a HMAC-SHA256 hash of the webhook payload (the body) using your Webhook Signing Key. Then ensure that this hash matches the signature found in the header exactly. As an extra verification step, ensure that the difference between the fabra_timestamp portion of the payload and the current time is within your tolerance.