Skip to main content
Version: v1.31.2

Webhook Exporter

The Webhook exporter will collect the data and send it via an HTTP POST request to the specified endpoint. Everytime the FlushInterval or MaxEventInMemory is reached, a new call is performed.


If for some reason the call failed, we will keep the data in memory and retry to add the next time we reach FlushInterval or MaxEventInMemory.

Configuration example

// ...
DataExporter: ffclient.DataExporter{
// ...
Exporter: &webhookexporter.Exporter{
EndpointURL: " https://webhook.url/",
Secret: "secret-for-signing",
Meta: map[string]string{
"extraInfo": "info",
Headers: map[string][]string{
"Authorization": {"Bearer auth_token"},
// ...

Configuration fields

EndpointURL EndpointURL of your webhook
Secret (optional)
Secret used to sign your request body and fill the X-Hub-Signature-256 header.
See signature section for more details.
Add all the information you want to see in your request.
List of Headers to send to the endpoint

Webhook format

If you have configured a webhook, a POST request will be sent to the EndpointURL with a body in this format:

"meta": {
"hostname": "server01",
// ...
"events": [
"kind": "feature",
"contextKind": "anonymousUser",
"userKey": "14613538188334553206",
"creationDate": 1618909178,
"key": "test-flag",
"variation": "Default",
"value": false,
"default": false,
"source": "SERVER"
// ...


This header X-Hub-Signature-256 is sent if the webhook is configured with a secret.
This is the HMAC hex digest of the request body, and is generated using the SHA-256 hash function and the secret as the HMAC key.


The recommendation is to always use the Secret and on your API/webhook always verify the signature key to be sure that you don't get into a man-in-the-middle attack.

Get the latest GO Feature Flag updates