Feedspace provides webhooks to notify your application about important events in real-time. This section documents all available webhook events and their payloads.

How to Get Webhook Access

To get webhook access:
  1. Go to the Webhook Access page in your Feedspace account.
  2. Enter your webhook endpoint URL in the provided input field.
  3. After adding your endpoint URL, you can select which events you want to receive notifications for.
  4. Click the “Activate” button to enable webhook access for your account.
Once activated, Feedspace will start sending webhook notifications for the selected events to your specified endpoint.

Available Webhook Events

Feedspace currently supports the following webhook events:
  • feed.text.received: Triggered when a new text review is received
  • feed.video.received: Triggered when a new video review is received
  • feed.audio.received: Triggered when a new audio review is received

Webhook Delivery

Feedspace will send webhook notifications as HTTP POST requests to your specified webhook URL. Each notification follows this format: 
{
  "type": "event type",
  "data": {
    // Event-specific data
  }
}
The notification contains:
  • type: The event type (e.g., “feed.text.received”, “feed.video.received”, “feed.audio.received”)
  • data: The event-specific data payload

Example Request

When a new text review is received, Feedspace will send a POST request to your webhook URL with a payload like this: 
{
  "event": "feed.text.received",
  "data": {
    ...
  }
}

Verify Webhook Signature

To ensure the integrity and authenticity of incoming webhook requests, Feedspace signs each payload with a unique secret. We strongly recommend verifying this signature for all production webhooks.

How It Works

  1. The Signature Headers: Feedspace sends two headers with each webhook request:
    • x-feedspace-signature: The HMAC-SHA256 signature of the payload.
    • x-feedspace-timestamp: The Unix timestamp (in seconds) when the webhook was sent
  2. Your Signing Secret: Each webhook in your workspace has a unique signing secret. You can find this secret in your Feedspace dashboard under Automation > Webhook. Secrets are prefixed with whsec_.
  3. Verification Process: You reconstruct the signature on your server using the timestamp, the raw request body, and your secret. If it matches the x-feedspace-signature header, the webhook is legitimate.

Sample Verification Code

<?php

// 1. Retrieve the signature and timestamp from the headers
$headers = getallheaders();
$signature = $headers['x-feedspace-signature'] ?? null;
$timestamp = $headers['x-feedspace-timestamp'] ?? null;

// 2. Get the raw payload from the input stream
$payload = file_get_contents('php://input');

// 3. Define your secrets (Store these securely, e.g., in environment variables!)
$secret = 'whsec_test_1234222222232s334weee';

// 4. Compute the expected signature
$expectedSignature = hash_hmac('sha256', $timestamp . '.' . $payload, $secret);

// 6. Compare the signatures using a time-safe comparison
if (hash_equals($expectedSignature, $signature)) {
    // Webhook is verified! Process the event.
}

Best Practices

  • Implement proper error handling for incoming webhook requests
  • Consider implementing request validation to verify the authenticity of webhook requests
  • Handle different event types appropriately in your application
  • Keep your webhook endpoint URL secure and accessible