Webhooks in the Fern Definition

Fern Definition isn’t recommended for new customers and Fern isn’t accepting feature requests for this format. It remains supported for existing users.

In Fern, you can specify webhooks in your API definition. The webhooks will be included in both the generated SDKs and the API documentation.

Webhook definition

Each webhook defines:

Method: The HTTP Method that the webhook will use (either GET or POST)
Headers: The headers that the webhook will send
Payload: The schema of the webhook payload

webhooks.yml

1 webhooks: 
2   paymentNotification: 
3     display-name: Payment Notification
4     docs: Receive a notification when a payment changes status
5     method: POST 
6     headers: 
7       X-Signature-Primary: 
8         type: string 
9         docs: An HMAC signature of the payload
10     payload: PaymentNotificationPayload
11 
12 types: 
13   PaymentNotificationPayload: 
14     discriminant: notificationType
15     union: 
16       queued: QueuedPaymentNotification
17       processing: ProcessingPaymentNotification
18       completed: CompletedPaymentNotification

Inlined payloads

You can inline the schema of the payload by doing the following:

webhooks.yml

1 webhooks: 
2   paymentNotification: 
3     display-name: Payment Notification
4     docs: Receive a notification when a payment changes status
5     method: POST 
6     headers: 
7       X-Signature-Primary: 
8         type: string 
9         docs: An HMAC signature of the payload
10     payload:
11       name: PaymentNotificationPayload
12       properties: 
13         id:
14           type: string
15           docs: The notification id
16         amount: double
17         currency: Currency

Generate webhook reference

Fern Docs can automatically generate your webhook reference documentation from your definition. Set this up in your docs.yml file.

Your webhook reference can be a single documentation page:

docs.yml

1 navigation:
2   - api: Webhook Reference # Display name for this page
3     api-name: webhooks-v1 # Directory containing webhook definition

Or you can configure individual documentation pages per webhook event:

docs.yml

1 navigation:
2   - subpackage_api.newPlantWebhook # Format: subpackage_{name-of-api}.{webhook-event-name}

For more information on how to configure your webhook reference in docs.yml, see Generate your webhook reference.

SDK signature verification

You can configure webhook signature verification directly in your Fern Definition using the webhook-signature block. When configured, Fern generates SDK utilities that allow users to verify webhook signatures and ensure events originate from your API.

Configuration can be set at the document level (applies to all webhooks) or per-webhook (overrides the document-level default). Both levels accept the same configuration options.

Fern supports two verification methods: HMAC (symmetric key verification using shared secrets) and Asymmetric (public key verification using RSA, ECDSA, or Ed25519 keys).

Document-level

Per-webhook override

api.yml

1 webhook-signature:
2   type: hmac
3   header: x-webhook-signature
4   algorithm: sha256
5   encoding: hex
6 
7 webhooks:
8   userCreated:
9     method: POST
10     payload: UserCreatedPayload
11     # Inherits document-level signature config
12 
13   orderCompleted:
14     method: POST
15     payload: OrderCompletedPayload
16     # Inherits document-level signature config

Configuration options

Common fields

These fields apply to both HMAC and asymmetric verification.

type

'hmac' | 'asymmetric'Required

The signature verification method. Use hmac for symmetric key verification with shared secrets, or asymmetric for public key verification.

stringRequired

The HTTP header containing the signature. For example, x-webhook-signature or x-hub-signature-256.

encoding

'base64' | 'hex'Required

The encoding format of the signature value in the header.

signature-prefix

string

A prefix to strip from the signature header value before verification. For example, "sha256=" or "rsa=".

timestamp.header

stringRequired

HTTP header containing the delivery timestamp.

timestamp.format

'unix-seconds' | 'unix-millis' | 'iso8601'Required

Format of the timestamp value in the header.

timestamp.tolerance

integerDefaults to 300

Allowed clock skew in seconds. Requests with timestamps outside this window are rejected.

HMAC fields

These fields apply when type is set to hmac.

algorithm

'sha256' | 'sha1' | 'sha384' | 'sha512'Required

The HMAC hash algorithm for signature computation. sha256 is recommended. sha1 is deprecated and should only be used for legacy compatibility.

payload-format.components

list of stringsRequired

Ordered list of payload components to concatenate before hashing. Available components:

Component	Description
`body`	Raw request body
`timestamp`	Timestamp value from timestamp header
`notification-url`	The webhook/callback URL
`message-id`	Provider-assigned message identifier

payload-format.delimiter

stringRequired

String used to join the components. Use "." for timestamp-prefixed payloads or "" for direct concatenation.

Asymmetric fields

These fields apply when type is set to asymmetric.

asymmetric-algorithm

The asymmetric signing algorithm. rsa-sha256 and ecdsa-sha256 are widely supported defaults. ed25519 is a modern, efficient option.

jwks-url

string

JSON Web Key Set (JWKS) endpoint URL of the key retrieval service. Required when using JWKS-based key rotation; omit for static key verification.

key-id-header

string

HTTP header containing the key ID used to select the correct key from the JWKS endpoint.

Fern Definition isn’t recommended for new customers and Fern isn’t accepting feature requests for this format. It remains supported for existing users.

In Fern, you can specify webhooks in your API definition. The webhooks will be included in both the generated SDKs and the API documentation.

Webhook definition

Each webhook defines:

Method: The HTTP Method that the webhook will use (either GET or POST)
Headers: The headers that the webhook will send
Payload: The schema of the webhook payload

webhooks.yml

1 webhooks: 
2   paymentNotification: 
3     display-name: Payment Notification
4     docs: Receive a notification when a payment changes status
5     method: POST 
6     headers: 
7       X-Signature-Primary: 
8         type: string 
9         docs: An HMAC signature of the payload
10     payload: PaymentNotificationPayload
11 
12 types: 
13   PaymentNotificationPayload: 
14     discriminant: notificationType
15     union: 
16       queued: QueuedPaymentNotification
17       processing: ProcessingPaymentNotification
18       completed: CompletedPaymentNotification

Inlined payloads

You can inline the schema of the payload by doing the following:

webhooks.yml

1 webhooks: 
2   paymentNotification: 
3     display-name: Payment Notification
4     docs: Receive a notification when a payment changes status
5     method: POST 
6     headers: 
7       X-Signature-Primary: 
8         type: string 
9         docs: An HMAC signature of the payload
10     payload:
11       name: PaymentNotificationPayload
12       properties: 
13         id:
14           type: string
15           docs: The notification id
16         amount: double
17         currency: Currency

Generate webhook reference

Fern Docs can automatically generate your webhook reference documentation from your definition. Set this up in your docs.yml file.

Your webhook reference can be a single documentation page:

docs.yml

1 navigation:
2   - api: Webhook Reference # Display name for this page
3     api-name: webhooks-v1 # Directory containing webhook definition

Or you can configure individual documentation pages per webhook event:

docs.yml

1 navigation:
2   - subpackage_api.newPlantWebhook # Format: subpackage_{name-of-api}.{webhook-event-name}

For more information on how to configure your webhook reference in docs.yml, see Generate your webhook reference.

SDK signature verification

Configuration can be set at the document level (applies to all webhooks) or per-webhook (overrides the document-level default). Both levels accept the same configuration options.

Fern supports two verification methods: HMAC (symmetric key verification using shared secrets) and Asymmetric (public key verification using RSA, ECDSA, or Ed25519 keys).

Document-level

Per-webhook override

api.yml

1 webhook-signature:
2   type: hmac
3   header: x-webhook-signature
4   algorithm: sha256
5   encoding: hex
6 
7 webhooks:
8   userCreated:
9     method: POST
10     payload: UserCreatedPayload
11     # Inherits document-level signature config
12 
13   orderCompleted:
14     method: POST
15     payload: OrderCompletedPayload
16     # Inherits document-level signature config

Configuration options

Common fields

These fields apply to both HMAC and asymmetric verification.

type

'hmac' | 'asymmetric'Required

The signature verification method. Use hmac for symmetric key verification with shared secrets, or asymmetric for public key verification.

stringRequired

The HTTP header containing the signature. For example, x-webhook-signature or x-hub-signature-256.

encoding

'base64' | 'hex'Required

The encoding format of the signature value in the header.

signature-prefix

string

A prefix to strip from the signature header value before verification. For example, "sha256=" or "rsa=".

timestamp.header

stringRequired

HTTP header containing the delivery timestamp.

timestamp.format

'unix-seconds' | 'unix-millis' | 'iso8601'Required

Format of the timestamp value in the header.

timestamp.tolerance

integerDefaults to 300

Allowed clock skew in seconds. Requests with timestamps outside this window are rejected.

HMAC fields

These fields apply when type is set to hmac.

algorithm

'sha256' | 'sha1' | 'sha384' | 'sha512'Required

The HMAC hash algorithm for signature computation. sha256 is recommended. sha1 is deprecated and should only be used for legacy compatibility.

payload-format.components

list of stringsRequired

Ordered list of payload components to concatenate before hashing. Available components:

Component	Description
`body`	Raw request body
`timestamp`	Timestamp value from timestamp header
`notification-url`	The webhook/callback URL
`message-id`	Provider-assigned message identifier

payload-format.delimiter

stringRequired

String used to join the components. Use "." for timestamp-prefixed payloads or "" for direct concatenation.

Asymmetric fields

These fields apply when type is set to asymmetric.

asymmetric-algorithm

The asymmetric signing algorithm. rsa-sha256 and ecdsa-sha256 are widely supported defaults. ed25519 is a modern, efficient option.

jwks-url

string

JSON Web Key Set (JWKS) endpoint URL of the key retrieval service. Required when using JWKS-based key rotation; omit for static key verification.

key-id-header

string

HTTP header containing the key ID used to select the correct key from the JWKS endpoint.

1	webhooks:
2	paymentNotification:
3	display-name: Payment Notification
4	docs: Receive a notification when a payment changes status
5	method: POST
6	headers:
7	X-Signature-Primary:
8	type: string
9	docs: An HMAC signature of the payload
10	payload: PaymentNotificationPayload
11
12	types:
13	PaymentNotificationPayload:
14	discriminant: notificationType
15	union:
16	queued: QueuedPaymentNotification
17	processing: ProcessingPaymentNotification
18	completed: CompletedPaymentNotification

1	navigation:
2	- api: Webhook Reference # Display name for this page
3	api-name: webhooks-v1 # Directory containing webhook definition

1	navigation:
2	- subpackage_api.newPlantWebhook # Format: subpackage_{name-of-api}.{webhook-event-name}

1	webhook-signature:
2	type: hmac
3	header: x-webhook-signature
4	algorithm: sha256
5	encoding: hex
6
7	webhooks:
8	userCreated:
9	method: POST
10	payload: UserCreatedPayload
11	# Inherits document-level signature config
12
13	orderCompleted:
14	method: POST
15	payload: OrderCompletedPayload
16	# Inherits document-level signature config