How Webhooks Work
Webhooks are signed with HMAC-SHA256. Always verify the
X-DocIntell-Signature header before processing.Quick Start
1. Create Webhook Endpoint
2. Register Webhook
signing_secret - store it securely, as it won’t be shown again:
Event Types
document.uploaded
Fired when a document is successfully uploaded and queued for processing.document.processing.completed
Fired when document extraction completes successfully.document.processing.failed
Fired when document extraction fails.Managing Webhooks
List Webhooks
Update Webhook
Rotate Secret
Delete Webhook
Security
All webhooks include HMAC-SHA256 signatures in theX-DocIntell-Signature header. Always verify signatures to ensure authenticity.
Headers included with every webhook:
Retry Policy
DocIntell uses exponential backoff for webhook retries:
After 5 failed attempts (or a 4xx client error), delivery is marked as failed and moved to the Dead Letter Queue for manual review.
Best Practices
- Verify signatures - Always validate the
X-DocIntell-Signatureheader - Respond quickly - Return a 2xx response within 10 seconds
- Process async - Queue webhook processing for heavy operations
- Handle duplicates - Use
document_idandjob_idfor idempotency - Rotate secrets - Periodically rotate your webhook signing secret