# Endpoint ## Description HTTP/HTTPS endpoint hosted on your server for receiving subscription feed events ### Requirements * Minimally the endpoint needs to support `POST` requests to be able to received published press releases. * Handle that the request body contains a [News Item ](/mfn-integration-guide/-MbDBLBpI3LuyvwyWLVw/api/model.md#news-item)in JSON (or XML) format. * Respond with 200 if you correctly received the release. This tells our backend that it doesn't have to retry the request. ### Recommended * Host the endpoint (callback) at a "hard to guess" URL. * For example: [`https://site.se/investors/news/j40sk6kfj43lgkr`](https://site.se/investors/news/j40sk6kfj43lgkr) * Before using the post body, verify the received request using * HMAC - see below (if `hub.secret` was setup during subscribe) ### Extras * Support `GET` requests to correctly implement the [Subscribe](/mfn-integration-guide/-MbDBLBpI3LuyvwyWLVw/api/websub/subscribe.md) flow. * Support "extended events", additional methods ( `PUT` and `DELETE`) to handle updates of the existing feed content. Updated press releases (`PUT`) and deleted/hidden press releases (`DELETE`). * Support the [Ping Extension](/mfn-integration-guide/-MbDBLBpI3LuyvwyWLVw/api/websub/ping.md), which optionally pings all parts of your endpoint to make sure that it is still working. This can be useful in a production setup, since it can help us detect errors early, and notify you. ## HMAC Verification Using the secret you provided when you setup the subscription, you can verify the received request content by the following algorithm (pseudo code). Note there are some examples of HMAC verification in actual languages available at [Code Samples](/mfn-integration-guide/-MbDBLBpI3LuyvwyWLVw/api/websub/code-samples.md). Our servers will send the the HMAC signature in the `X-Hub-Signature` header as described in the [WebSub documentation](https://www.w3.org/TR/websub/#signature-validation). ``` received_hmac_sig = http_request.headers().get("X-Hub-Signature") calced_hmac_sig = hmac_sha256.calc_sig(hub_secret, http_request.body()) if received_hmac_sig == calced_hmac_sig: // SUCCESS persist(http_request.body()) return 200 // this signals to use that we don't need to retry this request else: // MALFORMED REQUEST return non-200 http status back to use to signal error, can include error msg ``` --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://modfin.gitbook.io/mfn-integration-guide/-MbDBLBpI3LuyvwyWLVw/api/websub/endpoint.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.