New: unified Python, Go & Rust SDKs — available now in beta.
Webhooks

Webhooks

Receive every scored feed item pushed to your own endpoints.

Webhooks are the push counterpart to the feed: instead of polling the API, you register endpoint URLs and Forecite POSTs every realtime scored item to them as it's published.

Register an endpoint

Add an endpoint from the Webhooks page in your dashboard. Each endpoint has:

  • a URL that receives POST requests,
  • a signing secret (whsec_…) used to verify deliveries,
  • an enabled toggle, and
  • delivery telemetry (last triggered time + last response status).

v1 delivery

In v1 every enabled endpoint receives the full realtime stream (a global broadcast). Per-endpoint filtering is coming — until then, filter on your side using the payload fields.

Payload

Each delivery is a POST with a JSON body matching a feed item:

{
  "type": "feed.item",
  "data": {
    "id": "0b3f...",
    "title": "Q3 EPS $4.93 vs $4.59 est; FY guide raised",
    "source": "globenewswire",
    "published_at": "2026-06-30T13:31:02Z",
    "scoring": { "actionability": true, "sentiment_score": 8 },
    "symbols": [{ "symbol": "NVDA", "exchange": "NASDAQ" }]
  }
}

Verify the signature

Every request is signed with your endpoint's secret so you can confirm it came from Forecite. The signature is an HMAC-SHA256 of the raw request body, sent in the Forecite-Signature header.

import { createHmac, timingSafeEqual } from "node:crypto"

function verify(rawBody: string, header: string, secret: string) {
  const expected = createHmac("sha256", secret).update(rawBody).digest("hex")
  const a = Buffer.from(expected)
  const b = Buffer.from(header)
  return a.length === b.length && timingSafeEqual(a, b)
}

Verify before trusting

Always verify the signature against the raw body (before JSON parsing) and reject mismatches. Never act on an unsigned or unverified payload.

Responding & retries

  • Return a 2xx quickly (within a few seconds) to acknowledge receipt.
  • Do heavy work asynchronously — don't block the response on downstream processing.
  • Non-2xx responses are recorded in your endpoint's delivery status so you can spot failing endpoints from the dashboard.

On this page