Webhook System

Fastgen’s webhook system enables real-time integration between your applications and our platform. This event-driven approach allows you to build automated workflows and maintain data synchronization across your entire technology stack.

Why Use Webhooks?

Modern applications require efficient communication and data sharing mechanisms. Webhooks provide several advantages:

Real-time Updates

Receive instant notifications instead of constantly polling for changes

Automated Workflows

Create seamless automation between different systems and services

Efficient Resources

Reduce system load and latency compared to traditional polling methods

Easy Integration

Connect with your existing tools and services with minimal setup

Configuration

Setting Up Webhooks

Configure your webhook endpoints through our dashboard:

https://app.fastgen.ai/webhooks

You can set up multiple webhook URLs to receive different types of events, allowing for flexible event routing based on your needs.

Consider setting up separate webhooks for development and production environments to streamline your testing process.

Security

We implement HMAC Webhook Integrity Protection to ensure secure communication:

1

Signature Generation

Each webhook request includes a unique signature created using SHA-256 hashing and a shared secret key

2

Verification

Your server should verify this signature before processing any webhook data to ensure authenticity

3

Secret Management

Access your Signature Secret in the webhook configuration section at app.fastgen.ai/webhooks

Never share your Signature Secret or commit it to version control. Always use secure environment variables to store sensitive information.

Monitoring

Track all webhook activities through our logging system:

https://app.fastgen.ai/logs

The logging interface provides visibility into:

  • Incoming webhook requests
  • Outgoing webhook deliveries
  • Delivery status and debugging filters

Best Practices

Getting Started

Follow these steps to begin using webhooks:

1

Configure Endpoint

Navigate to the webhook configuration page and add your endpoint URL

2

Get Secret

Copy your signature secret from the webhook settings

3

Implement Verification

Add signature verification to your application using our example code

4

Test Integration

Use our testing tools to verify your webhook setup

5

Monitor

Check the logs to ensure proper functionality

Webhook Message Format

Initial Response

When sending a request to a workflow API route, you’ll receive a webhook message ID:

{
    "webhook_message_id": "9bde801d-bb41-417b-aaa6-50f7438085aa"
}

Webhook Payload

The webhook request to your configured endpoint will include:

{
    "event": "cv-score-finished",
    "id": "9bde801d-bb41-417b-aaa6-50f7438085aa",
    "payload": {
        ...
    }
}

Key components of the webhook payload:

  • event: The type of event that triggered the webhook
  • id: The webhook message ID (matches the initially returned ID)
  • payload: The actual data containing the event details

Headers

The webhook request includes a signature header for verification:

X-Fastgen-Signature: 854d567aea3fdeedbd58b827938d0d793be15a7ec0d23b7d8a175578724d34bd

Always verify the webhook signature using the X-Fastgen-Signature header before processing the webhook data.

Code Examples

Here’s how to verify webhook signatures in different languages:

const crypto = require('crypto');

function verifyWebhookSignature(payload, signature, secret) {
  const hmac = crypto.createHmac('sha256', secret);
  const digest = hmac.update(payload).digest('hex');
  return crypto.timingSafeEqual(
    Buffer.from(signature),
    Buffer.from(digest)
  );
}

Remember to handle the raw request body when verifying signatures, as parsed bodies might have slightly different formats.