Guides
Webhooks
Receive asynchronous status updates without polling.
Events
| Event | Description |
|---|---|
| job.started | Job accepted and started processing |
| job.completed | Job finished and output is available |
| job.failed | Job failed, check error payload |
Webhook Headers
| Header | Description |
|---|---|
| X-Webhook-Event | Event name, e.g. job.completed |
| X-Webhook-Delivery-Id | Unique delivery id |
| X-Webhook-Timestamp | ISO timestamp used for signing |
| X-Webhook-Signature | HMAC-SHA256 signature when signing secret is configured |
Webhook Handler Checklist
- Verify signature before trusting payload.
- Reject old timestamps to prevent replay attacks.
- Handle duplicates idempotently.
- Ack quickly and offload heavy work to queue.
Signature Verification (Node.js)
import crypto from 'node:crypto';
export function verifyWebhook(rawBody, timestamp, signature, secret) {
const signed = `${timestamp}.${rawBody}`;
const digest = crypto.createHmac('sha256', secret).update(signed).digest('hex');
const expected = `sha256=${digest}`;
return crypto.timingSafeEqual(Buffer.from(expected), Buffer.from(signature || ''));
}Quality Guardrails
- Prefer representative source clips when tuning model defaults.
- Keep input compression moderate to preserve edge details.
- Use explicit output format policy for transparent vs non-transparent workflows.
- Run A/B validation with the same clip set before changing defaults.
Implementation Checklist
- Define payload schema validation in backend before forwarding requests.
- Store model/output_format/background settings with each job record.
- Add internal quality review for difficult scenes (hair, glass, motion blur).
- Create runbook entries for model-specific failure cases.
Webhook Security Hardening
- Validate signature and timestamp on every callback.
- Reject duplicate event ids unless explicitly idempotent.
- Store raw payload and signature for forensics and reprocessing.