Solved

Webhook Verification for NL-GOV profile CloudEvents (using HTTP OPTIONS method)

  • April 27, 2026

thijsknapen
Contributor

Hi FME’ers,

Recently I wanted to set up FME Flow to receive notifications from a notification service. 

My initial thought was to use an Automation with a Webhook trigger. Unfortunately this didn't work, because I couldn't register the Webhook URL in the external notification service, because it resulted in a validation error. 

After further investigation, it turned out that the notification service was set up using the Guidelines for NL-GOV profile CloudEvents 1.0. In 3.1.3 Abuse protection it's indicated that

The validation request uses the HTTP OPTIONS method

For this purpose, I thought about using the new Data Virtualization functionality of FME Flow, and found this article Webhook Verification Using Data Virtualization that looks very promising for my use case. 

When I had a further look though, it seemed to me that the HTTP OPTIONS method isn't supported for Data Virtualization endpoints (it appears that only GET, POST, PUT and DELETE are supported).

See also this page on the Web User Interface of Data Virtualization > Creating and Managing Endpoints, and choose 'Expand for details' under 'To Create an Endpoint'.

Because of this it seemed to me that unfortunately my use case is currently not possible on FME Flow.

I was wondering if I'm maybe overlooking something?

For example, maybe in the latest FME version the OPTIONS method is supported, but the documentation is just not yet up to date. Or maybe it's planned to be supported in the near future?

Also, maybe there are alternatives I can look into to set this up. Curious to hear about ideas/suggestions for this.

Thanks in advance,

Thijs


2 replies

zoe.forbes
Safer
  • Safer
  • Best Answer
  • May 1, 2026

Hi ​@thijsknapen,

I had a look into this, and can confirm we don’t support OPTIONS in Data Virtualization for any version of Flow. I looked at the spec you sent however and see that this validation protocol is a “should have” and not a “must have”, so my understanding is that the notification service should be able to work with Flow as is. 

You’re correct that the Webhook Verification article is for a very similar protocol, but the two covered there use different HTTP methods. I unfortunately can’t think of any workaround at this time, but I’ve reached out to our Development team who might be able to provide a lower-level workaround, although I can’t guarantee this. If they do find a workaround, it’ll likely not be officially supported.

I filed FMEFLOW-27399 internally, which requests HTTP OPTIONS be added to DV.


thijsknapen
Contributor
  • Author
  • Contributor
  • May 7, 2026

Hi ​@zoe.forbes 

Thanks for your look into this. Too bad that OPTIONS is not supported in Data Virtualization for any version of FME Flow. Therefore thanks for filing FMEFLOW-27399, so hopefully in the future this can become possible!

Regarding your comment on “should have” vs “must have” for this validation protocol. In 3.1.3 Abuse protection it's indeed indicated that:

Delivery targets SHOULD support the abuse protection feature. If a target does not support the feature, the sender MAY choose not to send to the target, at all, or send only at a very low request rate.

In my case however I've noticed that when I register my Webhook URL (from FME Flow Automation) in the Event Broker application, it won't accept it.

I've discussed this internally with our IT team. As a workaround we've now configured a Proxy to intercept OPTIONS requests (in which case it will return the desired validation response), and forward any POST requests to the Webhook Url. Fortunately we see that this works.

Still looking forward to OPTIONS becoming available in Data Virtualization in a future version of FME Flow (i.e. FMEFLOW-27399 to get picked up), but luckily for now this workaround works for me.

Glad that I have some great IT colleagues that were able to help me out on this 😀
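
The proxy workaround described in the last reply, sketched as an added example (not code from either poster, and not the IT team's actual configuration): it answers the OPTIONS validation request itself and forwards POST deliveries to the webhook URL. The `WebHook-*` header names come from the CloudEvents HTTP webhook abuse-protection handshake and are assumed to be what the broker sends; `UPSTREAM`, `ALLOWED_ORIGINS`, `MAX_RATE` and the listen port are placeholder assumptions.

```python
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

# Placeholder assumptions, not values from the thread:
UPSTREAM = "https://fme.example.org/webhook-placeholder"  # FME Flow webhook URL
ALLOWED_ORIGINS = {"broker.example.org"}                  # senders we consent to
MAX_RATE = 120                                            # requests per minute


def validation_headers(origin, requested_rate=None):
    """Return handshake response headers, or None if the origin is not trusted."""
    if origin is None or origin.lower() not in ALLOWED_ORIGINS:
        return None
    rate = MAX_RATE
    if requested_rate and requested_rate.isdecimal():
        rate = max(1, min(int(requested_rate), MAX_RATE))  # never grant more than our cap
    return {"WebHook-Allowed-Origin": origin,
            "WebHook-Allowed-Rate": str(rate),
            "Allow": "POST"}


class Proxy(BaseHTTPRequestHandler):
    def _reply(self, status, headers=None):
        self.send_response(status)
        for name, value in (headers or {}).items():
            self.send_header(name, value)
        self.send_header("Content-Length", "0")
        self.end_headers()

    def do_OPTIONS(self):
        hdrs = validation_headers(self.headers.get("WebHook-Request-Origin"),
                                  self.headers.get("WebHook-Request-Rate"))
        # Refuse unknown origins instead of echoing back whatever was sent.
        self._reply(200 if hdrs else 403, hdrs)

    def do_POST(self):
        body = self.rfile.read(int(self.headers.get("Content-Length", 0)))
        req = urllib.request.Request(UPSTREAM, data=body, method="POST", headers={
            "Content-Type": self.headers.get("Content-Type", "application/json")})
        try:
            with urllib.request.urlopen(req, timeout=10) as upstream:
                self._reply(upstream.status)
        except urllib.error.HTTPError as err:
            self._reply(err.code)   # relay the upstream's own error status
        except OSError:
            self._reply(502)        # upstream unreachable or timed out


if __name__ == "__main__":
    ThreadingHTTPServer(("127.0.0.1", 8080), Proxy).serve_forever()
```

Answering the handshake only for allowlisted origins keeps the proxy from granting delivery permission to arbitrary senders, which is the point of the abuse-protection step.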