Enterprise Webhooks v2.0

Real-time events with HMAC-SHA256 signing and retries.

Features

• HMAC-SHA256 Signing - Every request signed with your secret
• Replay Protection - Timestamp + nonce in every request
• Auto Retries - 3 attempts with backoff (5s, 30s, 5min)
• Dead Letter Queue - Failed deliveries stored for inspection

Event Types

• DEPEG_WARNING - Price deviation from $1.00
• SUPPLY_MISMATCH - Supply vs reserves mismatch
• RESERVE_LOW - Reserve ratio below threshold
• ATTESTATION_NEW - New attestation published
• LARGE_TRANSFER - Large transfer detected
• CCI_CHANGE - Confidence Index change
• INTEGRITY_FLAG - Integrity check raised flag

Headers

X-FeedOracle-Event: DEPEG_WARNING
X-FeedOracle-Timestamp: 2026-01-30T14:30:00Z
X-Webhook-Signature: v1=abc123...

Verify Signature (Python)

import hmac, hashlib, json

def verify(body, secret, sig_header):
    ts = body['timestamp']
    nonce = body['nonce']
    canonical = f"{ts}.{nonce}.{json.dumps(body, separators=(',',':'), sort_keys=True)}"
    expected = 'v1=' + hmac.new(secret.encode(), canonical.encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, sig_header)

Resources

CloudEvents Envelope (EPM v1.0)

Evidence pack events use CloudEvents for interoperability.

Event Types

• feedoracle.evidence.created - New evidence pack
• feedoracle.evidence.verified - Pack verified
• feedoracle.evidence.expired - Validity expired

CloudEvents Example

{
  "specversion": "1.0",
  "type": "feedoracle.evidence.created",
  "source": "https://api.feedoracle.io/api/v1/epm",
  "id": "evt-rlusd-20260130",
  "time": "2026-01-30T16:00:00Z",
  "data": {
    "manifest_id": "EPM-RLUSD-20260130",
    "manifest_url": "https://api.feedoracle.io/api/v1/epm/manifest/EPM-RLUSD-20260130",
    "type": "rlusd.integrity",
    "jurisdiction": "GLOBAL"
  }
}

• Event Contract Schema
• CloudEvents Schema
• RLUSD Attestation
• Integrity Suite
• EPM v1.0 Documentation