Documentation

funiq docs

Everything you need to send, verify, and replay webhooks.

1. Quickstart

Create an endpoint from the dashboard. You'll get a URL like:

POST https://your-app/api/public/hooks/ingest/<slug>

Point your provider (Stripe, GitHub, etc.) at that URL. Every request is stored, verified, filtered, and forwarded to your forward_url.

2. Signature verification

funiq signs forwarded requests with HMAC-SHA256 using your endpoint's signing secret.

import { createHmac, timingSafeEqual } from "crypto";

function verify(secret, body, header) {
  const expected = "sha256=" + createHmac("sha256", secret).update(body).digest("hex");
  const a = Buffer.from(expected);
  const b = Buffer.from(header ?? "");
  return a.length === b.length && timingSafeEqual(a, b);
}

3. Retries + Dead-letter queue

Non-2xx responses are retried with exponential backoff: 30s, 2m, 10m, 30m, 2h, 6h. After 6 failed attempts the event lands in the dead-letter queue.

Replay any DLQ event from the dashboard or via the API.

4. API

Every action in the dashboard is available over HTTPS. Authenticate with an API key from Settings → API Keys.

curl https://your-app/api/v1/events \
  -H "authorization: Bearer hp_live_xxxxxxxxxxxxxxxxxxxx"